Ian wrote:
On Wed, 22 Apr 2009 00:13:51 Michael Ströder wrote:
Is this from your original data?
Yes, taken from the original server's LDAP database.
Do all entries have password values like this? Check that.
Yes, they do!
If yes, then you should not have a problem migrating this data.
Yet sadly I do have a problem :-/ [..] I have used ldapsearch to confirm that the password hashes are the same on the old & new servers when I use ldapsearch or slapcat to view them. Yet I can't log in on the new server.
Then the issue is something different, maybe in your client configuration. If you transfer the userPassword values without altering them they are still the same. If the scheme is not {CRYPT} the platform-specific Unix crypt is *not* relevant.
And since the hashes are salted, I can't tell if the actual password is really different.
{MD5} is not salted. {SMD5} would be salted.
This is a hashed MD-5 created by Unix crypt. As you can see this is a completely different password format:
{CRYPT}$2a$10$FThnBowyNXL.DwnXypAsR..ocCmfkZ023tH0wWNog8qwIz/P.3gwe
You should also consult the fine articles in the FAQ-O-MATIC:
I'll give that a read tonight and do some more testing.
Yes, please. After that you will understand the differences much better.
Ciao, Michael.
openldap-software@openldap.org
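Added example, not part of the original thread: a small Python checker for the userPassword scheme prefixes discussed above, showing that an unsalted {MD5} value is identical for the same password on any server, while {SMD5} values differ by salt yet still verify. The helper names, the password "secret" and the salts are assumptions made for the demonstration; {CRYPT} values are only classified, since their verification depends on the platform's crypt(3).

```python
import base64
import hashlib
import hmac
import re

# scheme -> (hashlib algorithm, digest length in bytes, salted?)
SCHEMES = {"MD5": ("md5", 16, False), "SMD5": ("md5", 16, True),
           "SHA": ("sha1", 20, False), "SSHA": ("sha1", 20, True)}

def parse_user_password(value):
    """Split '{SCHEME}data' into (SCHEME, data); no prefix means cleartext."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)\Z", value, re.S)
    return (m.group(1).upper(), m.group(2)) if m else ("CLEARTEXT", value)

def is_salted(value):
    """True/False for the schemes above; None when this code cannot tell ({CRYPT})."""
    scheme, _ = parse_user_password(value)
    if scheme == "CLEARTEXT":
        return False
    return SCHEMES[scheme][2] if scheme in SCHEMES else None

def make(scheme, password, salt=b""):
    """Build a userPassword value: base64(digest(password + salt) + salt)."""
    algo, _, salted = SCHEMES[scheme]
    salt = salt if salted else b""
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify(value, password):
    """Check a candidate password; None for schemes not handled here."""
    scheme, data = parse_user_password(value)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(data.encode(), password.encode())
    if scheme not in SCHEMES:
        return None  # e.g. {CRYPT}: the result depends on the platform's crypt(3)
    algo, dlen, salted = SCHEMES[scheme]
    raw = base64.b64decode(data)
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or (salt and not salted):
        return False  # malformed value for this scheme
    return hmac.compare_digest(hashlib.new(algo, password.encode() + salt).digest(), digest)

if __name__ == "__main__":
    # Constructed sample values; "secret" and the salts are made up for the demo.
    for v in (make("MD5", "secret"), make("SMD5", "secret", b"salt"), make("SMD5", "secret", b"pepr")):
        print(v, "salted:", is_salted(v), "matches 'secret':", verify(v, "secret"))
```

Running `verify()` against a value exported with slapcat, using the password the user actually types, separates a data problem from a client configuration problem.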