m h wrote:
> I'm trying to write a script to change the rootpw value in slapd.conf.
Why? Parsing slapd.conf yourself is error-prone. If you really need the rootdn, I would disable rootpw in slapd.conf and add a real entry for rootdn for which you can set the userPassword attribute.
> My question has to do with the random salt. How do I verify the existing password?
> Going through slappasswd doesn't appear to work, since it uses a random salt each time.
Yes, slappasswd is for generating, not checking, password values.
> Furthermore, how does the server know what the salt is?
Since you know how long the particular hash value is, everything else is the salt.
> (I read through the FAQ on the website and it says the salt is added to the password before encryption).
The salt is randomly chosen and hashed (not encrypted) together with the password.
Anyway I'd recommend not to mess with slapd.conf at all (see above).
Ciao, Michael.
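
An added example, not part of the original message: checking a password against a stored salted value by splitting off the fixed-length digest and treating the remainder as the salt. It assumes the value uses the {SSHA} scheme (salted SHA-1, base64-encoded digest followed by salt); the function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# SHA-1 digests are always 20 bytes, so anything after that is the salt.
SHA1_LEN = hashlib.sha1().digest_size


def split_ssha(stored: str) -> Tuple[bytes, bytes]:
    """Return (digest, salt) from a '{SSHA}<base64>' value."""
    scheme, sep, b64 = stored.strip().partition("}")
    if not sep or scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    blob = base64.b64decode(b64, validate=True)
    if len(blob) <= SHA1_LEN:
        raise ValueError("value too short to contain a salt")
    return blob[:SHA1_LEN], blob[SHA1_LEN:]


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value; a fresh random salt is used unless one is given."""
    salt = os.urandom(4) if salt is None else salt  # 4 bytes chosen for the sample
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample: two values for the same password differ because
    # the salts differ, yet both verify.
    first = make_ssha("secret", b"\x01\x02\x03\x04")
    second = make_ssha("secret", b"\xaa\xbb\xcc\xdd")
    print(first != second, check_ssha("secret", first), check_ssha("secret", second))
    print(check_ssha("wrong", first))
```

Comparing a freshly generated value with the stored string fails because the salt changes each time; verification has to reuse the salt recovered from the stored value.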