the FAQ will put you in the right direction http://www.openldap.org/faq/data/cache/344.html
I tried both of these:
perl -e 'print("userPassword: {CRYPT}".crypt("secret","salt")."\n");'
which gives me:
userPassword: {CRYPT}saHW9GdxihkGQ
perl -e 'use Crypt::PasswdMD5;print("userPassword: {CRYPT}".unix_md5_crypt("password","salt")."\n");'
which gives me:
userPassword: {CRYPT}$1$salt$qJH7.N4xYta3aEG/dfqo/0
I modified "cn=Ron,ou=Zimbra,dc=example,dc=com" with each. Example:
# Ron, Zimbra, example.com
dn: cn=Ron,ou=Zimbra,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Ron
givenName: Ron
sn: Jones
mail: ron@example.com
postalAddress: PO Box 1000
l: El Segundo
st: California
ou: Zimbra
postalCode: 90222
telephoneNumber: +1-310.323.7033
mobile: +1-310.323.7033
homePhone: +1-310.323.7033
userPassword: {CRYPT}saHW9GdxihkGQ
and tried to login as "Ron" using each:
ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
When prompted for the password, I enter either "secret" or "password" (depending upon the userPassword I modified user with) and still get "Invalid Credentials (49)".
The rootdn password works just fine. Why won't any of the user passwords work?
Ron Parker sysop@scbbs.com writes:
the FAQ will put you in the right direction http://www.openldap.org/faq/data/cache/344.html
I tried both of these:
perl -e 'print("userPassword: {CRYPT}".crypt("secret","salt")."\n");'
which gives me:
userPassword: {CRYPT}saHW9GdxihkGQ
perl -e 'use Crypt::PasswdMD5;print("userPassword: {CRYPT}".unix_md5_crypt("password","salt")."\n");'
which gives me:
userPassword: {CRYPT}$1$salt$qJH7.N4xYta3aEG/dfqo/0
I modified "cn=Ron,ou=Zimbra,dc=example,dc=com" with each. Example:
[...]
and tried to login as "Ron" using each:
ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
When prompted for the password, I enter either "secret" or "password" (depending upon the userPassword I modified user with) and still get "Invalid Credentials (49)".
The rootdn password works just fine. Why won't any of the user passwords work?
You probably compiled openldap with-crypt and with-ssl, thus loading libcrypt and libcrypto, which will put clients and server in an unpredictable state. The FAQ states that openldap and clients have to be built with the same crypt library. On my system (SuSE Linux-9.3) perl has been built with libcrypt, while openldap has been built with libcrypto. Please check your system and refrain from using crypt password hashes if possible.
-Dieter
openldap-software@openldap.org
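An added example, not part of the thread and not OpenLDAP code: a pure-Python check of a {CRYPT} userPassword value that never calls the system crypt(3), so a stored hash can be validated independently of whichever crypt library perl or slapd was linked against. The function names are hypothetical; only the $1$ (MD5-crypt) scheme is recomputed, and traditional DES crypt values are identified but not verified.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    """Encode `count` 6-bit groups of `value`, least significant first."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5_crypt(password, salt):
    """Reference MD5-crypt ($1$) that does not depend on the platform crypt(3)."""
    pw, sp = password.encode(), salt.encode()[:8]
    alt = hashlib.md5(pw + sp + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + sp)
    for left in range(len(pw), 0, -16):      # mix in alt, one password length's worth
        ctx.update(alt[:min(16, left)])
    i = len(pw)
    while i:                                 # one byte per bit of the password length
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for r in range(1000):                    # fixed 1000-round stretching loop
        c = hashlib.md5(pw if r & 1 else final)
        if r % 3:
            c.update(sp)
        if r % 7:
            c.update(pw)
        c.update(final if r & 1 else pw)
        final = c.digest()
    out = ""
    for a, b, d in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64((final[a] << 16) | (final[b] << 8) | final[d], 4)
    return "$1$" + sp.decode() + "$" + out + _to64(final[11], 2)

def check_userpassword(value, candidate):
    """Return (scheme, verdict); verdict is None where crypt(3) would be needed."""
    if not value.upper().startswith("{CRYPT}"):
        return ("not-crypt", None)
    stored = value[len("{CRYPT}"):]
    if stored.startswith("$1$"):
        computed = md5_crypt(candidate, stored.split("$")[2])
        return ("md5-crypt", hmac.compare_digest(computed.encode(), stored.encode()))
    if len(stored) == 13 and all(ch in ITOA64 for ch in stored):
        return ("des-crypt", None)           # only the platform crypt(3) can verify this
    return ("unknown", None)
```

If the reference check accepts the stored value but the bind still fails with error 49, the stored hash itself is well-formed and the server-side crypt implementation is the next thing to examine.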