The password is hashed in the ldif file which I am importing from the production system, as below:
# id=00000003
dn: uid=nsadmin,o=trac
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: SuiteSpot Administrator
sn: Administrator
givenName: SuiteSpot
uid: nsadmin
creatorsName: cn=nsadmin
createTimestamp: 19980218204619Z
userPassword:: e1NIQX12bm4rOFpBNFNzdzJJMnlQOVZ2clBJVFlGRzg9
modifiersName: uid=nsadmin,o=trac
modifyTimestamp: 19980722182149Z
structuralObjectClass: inetOrgPerson
entryUUID: 8179b9a2-74d7-102a-9988-90f8caf384a9
entryCSN: 20060511011623Z#000003#00#000000
While putting the same in slapd.conf, either in hashed form or plain text, it always says invalid credentials.
On 10/30/07, Piotr Wadas pwadas@jewish.org.pl wrote:
ldapmodify -v -x -f /path-to-ldif -w -D "cn=nsadmin,o=trac"
When you try to modify an LDAP entry using an LDIF file, how do you add the "userPassword" field? In an LDIF file there is usually a hashed password value, e.g.
if you have the password "foobar", the hashed {CRYPT} string will be $1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/ Now, with some GUI tool like GQ or LdapStudio, you should add the prefix {CRYPT} and paste
{CRYPT}$1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/
into the LDAP object. This should also work if you paste the above string with the {CRYPT} prefix (or {MD5} or other, depending on how you hashed the password).
Note that with slapcat/slapadd the user password should be additionally base64 encoded, and AFAIR, the "userPassword" attribute name should be followed by a double colon, e.g.
perl -MMIME::Base64 -e 'print encode_base64(q({CRYPT}$1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8WcN/));'
userPassword:: e0NSWVBUfSQxJEovRS9xU3Y3JFNRdHhHSEoyVVR3a1E0MHFYOFdjTi8=
Anyway does authentication work with slapd.conf including plain or hashed password? P.
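One way to see what an imported userPassword:: value actually holds, and whether a candidate password matches it, before debugging slapd itself. This is an added example, not part of the original thread; the function names are made up for illustration, and only {SHA}, {SSHA} and cleartext values are handled.

```python
import base64
import hashlib
import hmac

# userPassword line from the entry quoted in the thread ("::" marks base64 in LDIF).
PAGE_LINE = "userPassword:: e1NIQX12bm4rOFpBNFNzdzJJMnlQOVZ2clBJVFlGRzg9"

def parse_userpassword(line):
    """Return (scheme, payload_bytes) from one LDIF userPassword line."""
    attr, sep, value = line.partition(":")
    if attr.strip().lower() != "userpassword" or not sep:
        raise ValueError("not a userPassword line")
    if value.startswith(":"):            # "::" -> value is base64-encoded
        raw = base64.b64decode(value[1:].strip(), validate=True)
    else:                                # ":"  -> value is literal text
        raw = value.strip().encode()
    if raw.startswith(b"{") and b"}" in raw:
        scheme, _, payload = raw[1:].partition(b"}")
        return scheme.decode().upper(), payload
    return "CLEARTEXT", raw              # no {SCHEME} prefix

def verify(candidate, line):
    """Check a candidate password against a {SHA}/{SSHA}/cleartext value."""
    scheme, payload = parse_userpassword(line)
    pw = candidate.encode()
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(pw, payload)
    if scheme in ("SHA", "SSHA"):
        blob = base64.b64decode(payload, validate=True)
        digest, salt = blob[:20], blob[20:]   # SSHA appends the salt to the digest
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    raise NotImplementedError("scheme %s not handled here" % scheme)

def to_ldif(stored_value):
    """Encode a '{SCHEME}hash' string as a base64 'userPassword::' line."""
    return "userPassword:: " + base64.b64encode(stored_value.encode()).decode()

def make_sha(password):
    """Build a {SHA} value, used here only to construct sample data."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

if __name__ == "__main__":
    print(parse_userpassword(PAGE_LINE)[0])      # scheme of the imported entry
    sample = to_ldif(make_sha("foobar"))         # constructed sample line
    print(sample, verify("foobar", sample), verify("wrong", sample))
```

Calling verify() with the password typed at the bind prompt and the line from the LDIF shows whether "invalid credentials" comes from a mismatched hash or from something else, such as the bind DN.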