
Re: unixUserPassword and userPassword



Hi Chad,

On 10/12/13, Chad Scott <cscott@appdynamics.com> wrote:
> That doesn't really look like a "crypt"ed password. Do you know what format
> it is in? slapd supports numerous encryption schemes.

I don't know what the encryption type for unixUserPassword is, and I could not
find it by searching the Internet either.

I got it from an openldap server using a Microsoft Active Directory database.

I have been trying to check slappasswd with different encryption types,
MD5, etc., but no luck.


>
> On Fri, Oct 11, 2013 at 4:19 PM, jupiter <jupiter.hce@gmail.com> wrote:
>
>> Thanks Chad for your response. Let me clarify the question:
>>
>> I have an old LDAP AD password encrypted in unixUserPassword:
>>
>> unixUserPassword: CNRP!efgh12345$67899
>>
>> How can I use the encrypted password in unixUserPassword format to
>> userPassword?
>>
>> If I tried to add the unixUserPassword to an ldif file:
>>
>> dn: xxxxxxxxx
>> changetype: modify
>> replace: userPassword
>> userPassword: {crypt}CNRP!efgh12345$67899
>>
>> Then run the command ldapmodify, it did not work, because it is simply
>> that the encrypted password "CNRP!efgh12345$67899" from
>> unixUserPassword is not the {crypt} format (I have no idea what the
>> format for the unixUserPassword is)
>>
>> I have searched the openldap documentation and the Internet, and could not
>> find an answer for what type of encryption is used in unixUserPassword and
>> how I could convert the password in unixUserPassword to userPassword in an
>> ldif file. I appreciate any advice and help.
>>
>> Thank you.
>>
>> Kind regards,
>>
>> jupiter
>>
>>
>> On 10/12/13, Chad Scott <cscott@appdynamics.com> wrote:
>> > If I'm understanding your question, you need to base64 encode "{crypt}"
>> > followed by the old, encrypted value.
>> >
>> > You can avoid the base64 by using just one colon in your LDIF add.
>> >
>> >> On Oct 11, 2013, at 3:51, jupiter <jupiter.hce@gmail.com> wrote:
>> >>
>> >> Hi,
>> >>
>> >> I am migrating user account entries from an old openldap AD to
>> >> openldap BDB. Both LDAP client authentications are implemented in
>> >> Linux, the former in CentOS 5, and the latter in CentOS 6.
>> >>
>> >> But the major problem is that the old openldap AD uses encrypted
>> >> password in "unixUserPassword:" while the openldap BDB uses base64
>> >> "userPassword::".
>> >>
>> >> The options for a solution I could think of are:
>> >>
>> >> (a) Convert the encrypted password from unixUserPassword format to
>> >> userPassword, then I can use ldapmodify to change userPassword. Is it
>> >> possible? If it is, I would appreciate more details.
>> >>
>> >> (b) Change LDAP client authentication to use unixUserPassword. I
>> >> haven't found any document to configure Linux client authentication to
>> >> use unixUserPassword.
>> >>
>> >> In fact, I could not find any document regarding details of using
>> >> unixUserPassword. Any suggestions, tips and advice are very much
>> >> appreciated.
>> >>
>> >> Thank you.
>> >>
>> >> Kind regards,
>> >>
>> >> jupiter
>> >>
>> >> Sorry for asking a non-dev question, but I could not find any solution
>> >> from openldap document, nor from Internet searching.
>> >>
>> >> Thank you and appreciate any advice.
>> >>
>> >> Kind regards,
>> >>
>> >> jupiter
>> >>
>> >
>>
>
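
Added example, not part of the original thread and not OpenLDAP code: a Python check that a stored value has a crypt(3) layout before it is prefixed with {crypt}, plus the ":" versus "::" choice from the LDIF SAFE-STRING rule (RFC 2849). The function names, the sample DN and the SHA-512 sample hash are constructed for illustration.

```python
import base64
import re

CH = "[./0-9A-Za-z]"  # crypt(3) output alphabet
TRADITIONAL_DES = re.compile("^" + CH + "{13}$")
# Modular crypt format: $id$[rounds=N$]salt$hash with id 1=MD5, 5=SHA-256, 6=SHA-512
MODULAR = re.compile(r"^\$([156])\$(?:rounds=\d+\$)?" + CH + r"{1,16}\$" + CH + "+$")

# Value quoted in the thread: 20 chars and '!' is outside the alphabet, so nothing matches
PAGE_VALUE = "CNRP!efgh12345$67899"
SAMPLE_SHA512 = "$6$saltsalt$" + "A" * 86               # constructed, not a real hash
SAMPLE_DN = "uid=example,ou=People,dc=example,dc=com"   # constructed


def crypt_scheme(value):
    """Return a label for a recognised crypt(3) hash layout, or None."""
    if TRADITIONAL_DES.match(value):
        return "des"
    m = MODULAR.match(value)
    return {"1": "md5", "5": "sha256", "6": "sha512"}[m.group(1)] if m else None


def ldif_attr(name, value):
    """'name: value' if value is an RFC 2849 SAFE-STRING, else 'name:: <base64>'."""
    raw = value.encode("utf-8")
    safe = (
        all(b < 128 and b not in (0, 10, 13) for b in raw)  # 7-bit, no NUL/LF/CR
        and raw[:1] not in (b" ", b":", b"<")               # SAFE-INIT-CHAR
        and not raw.endswith(b" ")                          # trailing space: encode
    )
    if safe:
        return name + ": " + value
    return name + ":: " + base64.b64encode(raw).decode("ascii")


def userpassword_modify(dn, old_hash):
    """Build an ldapmodify record; refuse values that are not crypt(3) output."""
    if crypt_scheme(old_hash) is None:
        raise ValueError("not a recognised crypt(3) hash layout")
    lines = [
        ldif_attr("dn", dn),
        "changetype: modify",
        "replace: userPassword",
        ldif_attr("userPassword", "{crypt}" + old_hash),
        "-",
    ]
    return "\n".join(lines) + "\n"
```
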