
Re: ldappasswd usage problems



I'm not setting up any new 10 boxes. They're on their way out. I have
lots of 12. 14 is in the pipeline. There are a lot of servers, so it takes
time. This is what I did. I just made a little awk script to generate
the LDIF. The transcript follows:

$ cat gen_pw_ldif
#!/usr/bin/awk -f

# This filter reads on the standard in
# The first column is the user id.
# The second column is the password

{

## Password generation command
 pw_gen_cmd = "slappasswd -s "$2

 ## Generate it and close the command
 pw_gen_cmd | getline my_pw_hash
 close(pw_gen_cmd)

 print("dn: uid="$1",ou=people,dc=example,dc=com")
 print("changetype: modify")
 print("add: userPassword")
 print("userPassword: "my_pw_hash)
 print("")
}
$ cat pw.txt
bruce somepassword
sfo:tmp bruce.carleton$ cat pw.txt | ./gen_pw_ldif
dn: uid=bruce,ou=people,dc=example,dc=com
changetype: modify
add: userPassword
userPassword: {SSHA}bedZtoek9zYOquI7tHigo5Mw6GzcPNB0

$

On Thu, Sep 11, 2014 at 10:40 PM, Gremaud Cyrill <cyrill.gremaud@hefr.ch> wrote:
> Hi Bruce,
>
> It’s strange. Firstly, I think you must upgrade your Ubuntu server to the latest LTS to ensure maximum compatibility.
>
> 14.04.1 LTS is very great for me.  I really think that using 10 is dangerous. Do you have the ldap-utils package installed?
> If you use Ubuntu 10, I think you don’t have the latest release of OpenLDAP either? Do you use slapd.conf or cn=config?
>
> Best regards, cyrill
>
> On 11 Sep 2014, at 20:30, Bruce Carleton <bruce.carleton@dena.com> wrote:
>
>> Cyrill,
>>
>> Thanks for the suggestion. I'll go that route for now. I'd still like
>> to figure out why I can't get ldappasswd to work though. It feels
>> broken in my case. Perhaps it's an Ubuntu packaging issue of some
>> kind. It worked fine in Ubuntu 10.
>>
>> Best,
>>
>>   --Bruce
>>
>>
>>
>> On Wed, Sep 10, 2014 at 11:00 PM, Gremaud Cyrill <cyrill.gremaud@hefr.ch> wrote:
>>> Hello Bruce,
>>>
>>> I’m not an OpenLDAP expert but personally, when I want to set a password, I generate a good one with slappasswd.
>>>
>>> Using this tool, you will be prompted to enter a new password twice. The output of this tool will be something like this: {SSHA}dsfjklihjfkajsdhfklasdjfasd
>>>
>>> Copy this value (with {SSHA}) and create an LDIF file just to set your password. For example, if I want to set this password for olcDatabase={0}config,cn=config and for a specific root DN:
>>>
>>> dn: olcDatabase={0}config,cn=config
>>> changetype: modify
>>> add: olcRootDN
>>> olcRootDN: cn=admin,cn=config
>>> -
>>> add: olcRootPW
>>> olcRootPW: {SSHA}dsfjklihjfkajsdhfklasdjfasd
>>>
>>> If you already have a RootDN, you can use it, or if you just want to change it, replace the keyword “add” with “replace”.
>>>
>>> You can execute this LDIF file using: ldapmodify -Y EXTERNAL -H ldapi:/// -f file.ldif
>>>
>>> To try to connect with this new password, you can try this command:
>>>
>>> ldapmodify -H ldap://yourserver.domain.cc -D "cn=admin,cn=config" -W
>>>
>>> You will be prompted to enter your password.
>>>
>>>
>>> Best Regards, cyrill gremaud
>>>
>>> On 10 Sep 2014, at 19:49, Bruce Carleton <bruce.carleton@dena.com> wrote:
>>>
>>>> I'm having problems setting passwords with ldappasswd. It keeps
>>>> failing with a usage message. I've tried a bunch of different
>>>> arrangements of the command line arguments, but it keeps giving me a
>>>> usage message. Here's an example:
>>>>
>>>> ldappasswd -s some_password \
>>>> -x -H ldapi:/// \
>>>> -D cn=admin,dc=example,dc=com -y secret.txt \
>>>> uid=some.user,ou=people,dc=example,dc=com
>>>>
>>>> During one of my attempts I followed the order specified in the man
>>>> page. That didn't work either. I'm using the packaged (ldap-utils /
>>>> 2.4.28-1.1ubuntu4.4) ldappasswd on Ubuntu 12.04.4 LTS. The specific
>>>> ldappasswd version follows:
>>>>
>>>> $ ldappasswd -VV
>>>> ldappasswd: @(#) $OpenLDAP: ldappasswd  (Sep 19 2013 22:39:03) $
>>>> buildd@panlong:/build/buildd/openldap-2.4.28/debian/build/clients/tools
>>>> (LDAP library: OpenLDAP 20428)
>>>>
>>>> I'm feeling kind of stuck on this. I'm probably missing something
>>>> silly. Any suggestions?
>>>>
>>>> Thanks,
>>>>
>>>>  --Bruce
>>>>
>>>
>
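
The awk filter at the top of this message interpolates the clear-text password, unquoted, into a `slappasswd -s` shell command, so a password containing spaces or shell metacharacters breaks it and the password is visible in the process list while the command runs. The following added example (not part of the original thread) builds the same LDIF in Python by computing the salted SHA-1 `{SSHA}` value in-process. The 4-byte salt matches the 24-byte value shown in the transcript; the `UID_RE` allow-list and the function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os
import re

BASE_DN = "ou=people,dc=example,dc=com"   # base DN used in the thread
UID_RE = re.compile(r"[A-Za-z0-9._-]+")   # assumed allow-list; keeps DN/LDIF syntax out of the uid

def ssha_hash(password, salt=None):
    """Return an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(stored, password):
    """Check a password against an {SSHA} value (the SHA-1 digest is 20 bytes)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)

def build_ldif(lines):
    """Turn 'uid password' lines into LDIF modify records like the awk filter."""
    records = []
    for line in lines:
        if not line.strip():
            continue
        # Split on the first run of whitespace only, so the password may contain spaces.
        uid, password = line.rstrip("\n").split(None, 1)
        if not UID_RE.fullmatch(uid):
            raise ValueError("unsafe uid: %r" % uid)
        records.append(
            "dn: uid=%s,%s\nchangetype: modify\nadd: userPassword\n"
            "userPassword: %s\n" % (uid, BASE_DN, ssha_hash(password)))
    return "\n".join(records)

if __name__ == "__main__":
    # Constructed sample input in the same two-column layout as pw.txt.
    sample = ["bruce somepassword\n", "some.user it's $HOME sweet home\n"]
    print(build_ldif(sample))
```

The output can be fed to `ldapmodify` in the same way as the LDIF produced by the awk filter.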