Ron Parker <sysop@scbbs.com> writes:
the FAQ will put you in the right direction
http://www.openldap.org/faq/data/cache/344.html

I tried both of these:

perl -e 'print("userPassword: {CRYPT}".crypt("secret","salt")."\n");'

which gives me:

userPassword: {CRYPT}saHW9GdxihkGQ

perl -e 'use Crypt::PasswdMD5;print("userPassword: {CRYPT}".unix_md5_crypt("password","salt")."\n");'

which gives me:

userPassword: {CRYPT}$1$salt$qJH7.N4xYta3aEG/dfqo/0

I modified "cn=Ron,ou=Zimbra,dc=example,dc=com" with each. Example:
[...]
and tried to login as "Ron" using each:

ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'

When prompted for the password, I enter either "secret" or "password" (depending upon the userPassword I modified user with) and still get "Invalid Credentials (49)". The rootdn password works just fine. Why won't any of the user passwords work?

Dieter wrote:

"You probably compiled openldap with-crypt and with-ssl, thus loading libcrypt and libcrypto, which will put clients and server in an unpredictable state."

On my RHEL 4 system I have the following rpms installed:

openldap-2.2.13-7.4E
openldap-clients-2.2.13-7.4E
openldap-devel-2.2.13-7.4E
openldap-servers-2.2.13-7.4E
compat-openldap-2.1.30-7.4E

I'm using the openldap-server and trying to log in using the openldap-client.

"The FAQ states that openldap and clients have to be built with the same crypt library. On my system (SuSE Linux-9.3) perl has been built with libcrypt, while openldap has been built with libcrypto. Please check your system and refrain from using crypt password hashes if possible."

I'm not sure what the above means, or rather, what I need to do.

I tried using different schemes for the userPassword:
[root@db workarea]# slappasswd -h {SHA}
New password:
Re-enter new password:
{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=
and
[root@db workarea]# slappasswd -h {MD5}
New password:
Re-enter new password:
{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
I ran ldapmodify for user for each password. I ran ldapsearch as the user:
ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
Each time I enter password, login fails with "Invalid Credentials (49)".
Is there some configuration change I need to make to openldap itself?
Help!
-ron
-- 
Ron Parker
Software Creations http://www.scbbs.com
Self-Administration Web Site http://saw.scbbs.com
SDSS Subscription Mgmt Service http://sdss.scbbs.com
Central Ave Dance Ensemble http://www.centralavedance.com
R & B Salsa http://www.randbsalsa.com
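
An offline check for {SHA} and {MD5} userPassword values like the ones shown in the message above, added here as an example and not part of the original post: it recomputes the digest for a candidate password, which separates a wrong stored value from a server-side cause. The function names are this example's own; {CRYPT} is left out because its result depends on the platform crypt library, and `make_ssha` exists only to build a constructed salted sample.

```python
import base64
import hashlib
import hmac

# hashlib algorithm and digest length per scheme (names chosen for this example).
# Salted schemes store base64(digest || salt).
SCHEMES = {"SHA": ("sha1", 20), "SSHA": ("sha1", 20),
           "MD5": ("md5", 16), "SMD5": ("md5", 16)}


def parse_ldif_value(line):
    """Return the userPassword value from one LDIF line as text.

    'userPassword: v' carries the value literally; 'userPassword:: v' carries
    base64 of the value (the form ldapsearch prints), so it is decoded once.
    """
    name, sep, rest = line.partition(":")
    if not sep or name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8")
    return rest.strip()


def check_password(stored, candidate):
    """True if candidate matches a {SHA}/{SSHA}/{MD5}/{SMD5} stored value."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("value has no {SCHEME} prefix")
    scheme, b64 = stored[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("scheme {%s} is not handled by this example" % scheme)
    algo, dlen = SCHEMES[scheme]
    raw = base64.b64decode(b64, validate=True)
    digest, salt = raw[:dlen], raw[dlen:]
    # An unsalted scheme must decode to exactly one digest; extra or missing
    # bytes usually mean the value was truncated or encoded twice.
    if len(digest) != dlen or (salt and not scheme.startswith("S")):
        raise ValueError("decoded length does not fit {%s}" % scheme)
    calc = hashlib.new(algo, candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(calc, digest)


def make_ssha(password, salt):
    """Build a {SSHA} value (SHA-1 over password || salt) for a constructed sample."""
    d = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(d + salt).decode("ascii")
```

Feed `parse_ldif_value` the line exactly as ldapsearch prints it; a result that still looks like base64 instead of starting with `{SCHEME}` means the stored value was encoded twice.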