Brett @Google wrote:
On Thu, Aug 28, 2008 at 10:21 PM, k bahkbah@linuxmail.org wrote:
I have one LDAP master server, a test server, which no one but me has access to (at least I think). Something really strange is happening: userPassword fields (they are in MD5 format) keep getting changed every 1 or 2 days. Sometimes they change after a mass add operation, or mass delete operation. It could be someone messing with me, but that would be unusual, since they also happen after I do mass operations on the server. I rechecked my "mass operation" scripts, and they do not seem to be breaking other entries while they operate on a given entry (add/delete entry and bind with that DN). I think maybe my BDB and cache settings may be causing it; it's just a thought, I really don't know what's going on:
You don't seem to have an explicit "password-hash" statement that specifies MD5 hash. Perhaps it is defaulting to "password-hash {SSHA}", which is a salted hash (even if you hash the same value, you get a different string each time), unlike MD5, which usually gives you the same hash string output where the input string is the same.
Probably best to state the password hash type explicitly (assuming you care), rather than rely on the default, which might change depending on OpenLDAP version / compile options / libraries in the build environment, etc.
The default hash has always been SSHA.
It sounds like the original poster just doesn't know about base64 values in LDIF...
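The two effects discussed in this thread, shown as an added example that is not part of the original messages: a userPassword value printed in LDIF as a base64 `::` value, and {SSHA} producing a different string on every hashing of the same password while {MD5} does not. The function names, the 4-byte salt and the sample password are assumptions made for illustration.

```python
import base64, hashlib, hmac, os

def to_ldif(attr, value):
    """Render a value as LDIF prints octet strings: 'attr:: <base64>'."""
    return f"{attr}:: {base64.b64encode(value).decode()}"

def ldif_value(line):
    """Return (attr, raw bytes) for one LDIF line; '::' marks base64."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip())
    return attr, rest.strip().encode()

def make_md5(password):
    """Unsalted: the same password always yields the same stored string."""
    return b"{MD5}" + base64.b64encode(hashlib.md5(password).digest())

def make_ssha(password, salt=None):
    """Salted SHA-1: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # salt length assumed
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def verify(stored, password):
    """Check a password against a stored {MD5} or {SSHA} value."""
    scheme, _, b64 = stored.partition(b"}")
    raw = base64.b64decode(b64)
    if scheme.upper() == b"{MD5":
        return hmac.compare_digest(raw, hashlib.md5(password).digest())
    if scheme.upper() == b"{SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes
        expected = hashlib.sha1(password + salt).digest()
        return hmac.compare_digest(digest, expected)
    raise ValueError("unsupported scheme")

if __name__ == "__main__":
    pw = b"secret"  # constructed sample password
    for stored in (make_md5(pw), make_md5(pw), make_ssha(pw), make_ssha(pw)):
        line = to_ldif("userPassword", stored)  # as seen in an LDIF export
        attr, raw = ldif_value(line)            # decoded: scheme tag + hash
        print(line, "->", raw.decode(), "valid:", verify(raw, pw))
```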