Here is a sample ldif entry.
dn: uid=user1,ou=users,ou=employees,ou=users,dc=example,dc=com
uid: user1
cn: Test User
sn: User
mail: user1@example.com
mailRoutingAddress: user1@pellns.example.com
mailHost: pellns.example.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {crypt}HmiRzy27ULRyo
loginShell: /bin/false
uidNumber: 1579
gidNumber: 1001
homeDirectory: /user/U/user1

-----Original Message-----
From: Gavin Henry [mailto:ghenry@suretecsystems.com]
Sent: Monday, August 13, 2007 5:18 PM
To: Rick Tautin
Cc: Pierangelo Masarati; openldap-software@openldap.org
Subject: Re: Problem changing passwords after import
Rick Tautin wrote:
ldapwhoami does not work until the password has been changed by manager. I meant that I can successfully pop mail, ftp to servers using the username and password before it has been changed by the manager account
Do you have a sample LDIF entry so we can see what the password format was before import?
Gavin.
-----Original Message-----
From: Pierangelo Masarati [mailto:ando@sys-net.it]
Sent: Mon 8/13/2007 3:22 PM
To: Rick Tautin
Cc: openldap-software@openldap.org
Subject: Re: Problem changing passwords after import
Rick Tautin wrote:
I guess I am not sure what you mean by portable,
I mean: crypt(3) is implementation dependent, so different implementations (e.g. the one in libc and the one in openssl's libcrypto) do not interoperate.
I was able to import all the users into ldap and they can successfully authenticate with those usernames and passwords.
You mean ldapwhoami works for those users __before__ you force the password change using the manager identity? If ldapwhoami does, then ldappasswd must work as well.
Why then would just the manager account be able to change the password? Is there a way around this if they were all crypted with crypt(3)?
No straightforward manner. You'll need to crack those passwords (usually trivial with crypt(3)).
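
An added example, not part of the original thread: a Python audit that reports which hash format each userPassword value in an LDIF export uses, which is the information asked for above before an import. The function names and the user2 and user3 entries are constructed for illustration; user1 is the entry posted in the thread.

```python
import base64
import re

# glibc-style "$id$" prefixes that can appear inside a {CRYPT} value.
MODULAR = {"1": "MD5", "5": "SHA-256", "6": "SHA-512",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}

def classify(value):  # name the storage scheme of one userPassword value
    m = re.match(r"\{([^}]+)\}(.*)", value, re.S)
    if not m:
        return "cleartext-or-unknown"
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return scheme
    if body.startswith("$"):
        ident = body.split("$")[1]
        return "CRYPT/" + MODULAR.get(ident, "modular-" + ident)
    # Traditional crypt(3) output: 2 salt characters + 11 hash characters.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", body):
        return "CRYPT/traditional-DES"
    return "CRYPT/unrecognised"

def audit(ldif):  # map each entry's DN to the scheme of its userPassword
    unfolded = re.sub(r"\r?\n ", "", ldif)       # join LDIF continuation lines
    report, dn = {}, None
    for line in unfolded.splitlines():
        if not line.strip():
            dn = None                            # a blank line ends an entry
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):                 # "attr:: value" is base64
            rest = base64.b64decode(rest[1:]).decode("utf-8", "replace")
        value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword" and dn:
            report[dn] = classify(value)
    return report

# Constructed sample: user1 is from the thread, user2 and user3 are made up.
B64 = base64.b64encode(b"{crypt}$6$saltsalt$constructedhash").decode()
SAMPLE_LDIF = (
    "dn: uid=user1,ou=users,ou=employees,ou=users,dc=example,dc=com\n"
    "userPassword: {crypt}HmiRzy27ULRyo\n\n"
    "dn: uid=user2,ou=users,dc=example,dc=com\n"
    f"userPassword:: {B64}\n\n"
    "dn: uid=user3,ou=users,\n dc=example,dc=com\n"
    "userPassword: {SSHA}constructedPlaceholder\n"
)
```

Calling `audit(SAMPLE_LDIF)` returns a DN-to-scheme mapping; entries reported as `CRYPT/...` depend on the crypt(3) implementation the server is linked against, so they are the ones to check after an import.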