Hi everybody, we are installing a new ldap-server, because we need a new structure. So a simple export/import via slapcat/slapadd is not possible, because we need to change the object structure. I wrote a bash shell-script (we are working under suse), which exports the user data via ldapsearch, builds the new objects and saves it in ldif-format. Then I import the ldif-file via ldap-add in the new ldap-server.
But when I want to import the ldif-file, ldapadd complains about 50 users (from 900 total), that they would have an invalid format - the lines which are invalid are always the userPassword-lines of this user.
I tried already to extract these lines with slapcat, copied the extracted lines into my ldif-file, but still the same error.
Is there any other way to export/import the password? Can it be a char-set problem? I really don't know anymore what else I could do.....
thanks
gizmo
--On Tuesday, November 18, 2008 10:59 PM +0100 thom_schu@gmx.de wrote:
Is there any other way to export/import the password? Can it be a char-set problem? I really don't know anymore what else I could do.....
Rather than bash, I'd suggest using Net::LDAP to do all of this, it should be able to process things without issue.
Since you don't provide examples of a problem password, it's hard to guess why you're having issues.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
thom_schu@gmx.de wrote:
Hi everybody, we are installing a new ldap-server, because we need a new structure. So a simple export/import via slapcat/slapadd is not possible, because we need to change the object structure. I wrote a bash shell-script (we are working under suse), which exports the user data via ldapsearch, builds the new objects and saves it in ldif-format. Then I import the ldif-file via ldap-add in the new ldap-server.
But when I want to import the ldif-file, ldapadd complains about 50 users (from 900 total), that they would have an invalid format - the lines which are invalid are always the userPassword-lines of this user.
I tried already to extract these lines with slapcat, copied the extracted lines into my ldif-file, but still the same error.
Is there any other way to export/import the password? Can it be a char-set problem? I really don't know anymore what else I could do.....
I guess your script does something wrong but it's hard to guess from the sparse information you gave. BTW: Do you fully understand the LDIF syntax, especially lines with userPassword:: ? ^^
Ciao, Michael.
Hi there, the passwords are base64 coded and look like "userPassword:: e1NNRDV9R3VkVlJv............". When I decode them with "echo passwd | base64 -d", the base64 command returns with an error like "invalid base64 string" for all passwords (42 from 901) which the ldapadd-tool doesn't accept. I tried to put a "=" to the end of the base64 coded password and then it seems to work, at least for the one password I know from this set of not working passwords, and this password consists only of alpha-characters and a "-". Can it be that slapcat or ldapsearch (I tried both) fetch some incomplete password-strings?
thanks
gizmo
thom_schu@gmx.de wrote:
the passwords are base64 coded and look like "userPassword:: e1NNRDV9R3VkVlJv............". When I decode them with "echo passwd | base64 -d", the base64 command returns with an error like "invalid base64 string" for all passwords (42 from 901) which the ldapadd-tool doesn't accept. I tried to put a "=" to the end of the base64 coded password and then it seems to work, at least for the one password I know from this set of not working passwords, and this password consists only of alpha-characters and a "-".
Glad you figured out the issue yourself.
Can it be that slapcat or ldapsearch (I tried both) fetch some incomplete password-strings?
I don't think so since it works for me in so many different setups. Being in your position I'd rather use a scripting language with a decent LDIF parser/writer module for the job.
Ciao, Michael.
Hi there, problem solved! It was my mistake, I didn't pay attention that some passwords consist of more than one line, must be a base64 thing, that after some character comes a new line (wikipedia says so) - and my bash-script ignored (and still does :-) ) the second line.
thanks
gizmo
-------- Original Message --------
Date: Tue, 18 Nov 2008 22:59:11 +0100 From: thom_schu@gmx.de To: openldap-software@openldap.org Subject: problems with exporting/importing passwords
Hi everybody, we are installing a new ldap-server, because we need a new structure. So a simple export/import via slapcat/slapadd is not possible, because we need to change the object structure. I wrote a bash shell-script (we are working under suse), which exports the user data via ldapsearch, builds the new objects and saves it in ldif-format. Then I import the ldif-file via ldap-add in the new ldap-server.
But when I want to import the ldif-file, ldapadd complains about 50 users (from 900 total), that they would have an invalid format - the lines which are invalid are always the userPassword-lines of this user.
I tried already to extract these lines with slapcat, copied the extracted lines into my ldif-file, but still the same error.
Is there any other way to export/import the password? Can it be a char-set problem? I really don't know anymore what else I could do.....
thanks
gizmo
thom_schu@gmx.de wrote:
problem solved! It was my mistake, I didn't pay attention that some passwords consist of more than one line, must be a base64 thing, that after some character comes a new line (wikipedia says so) - and my bash-script ignored (and still does :-) ) the second line.
Another good example for not using bash/sed/awk quick-hacks for parsing LDIF.
Ciao, Michael.
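
The failure resolved in this thread, reproduced as an added example (not code from any poster or from OpenLDAP): a base64 `userPassword::` value folded onto a continuation line fails to decode when only the first physical line is read, and decodes once the lines are unfolded as RFC 2849 describes. The entry, DN and password bytes are constructed, and `fold`, `unfold`, `password_from` and `compare` are hypothetical helper names; a real migration should use a full LDIF library as advised above.

```python
import base64
import binascii

def fold(line, width=76):
    """Fold one logical LDIF line; continuation lines start with one space."""
    out, rest = [line[:width]], line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return out

def unfold(text):
    """Join continuation lines (single leading space) onto the previous line."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # drop only the one folding space
        else:
            logical.append(raw)
    return logical

def password_from(lines):
    """Decode the base64 userPassword value found in the given lines."""
    for line in lines:
        if line.startswith("userPassword:: "):
            return base64.b64decode(line.split(":: ", 1)[1], validate=True)
    raise KeyError("userPassword")

def compare(ldif_text):
    """Return (result of line-by-line parsing, result after unfolding)."""
    try:
        naive = password_from(ldif_text.splitlines())   # what grep/sed sees
    except binascii.Error as exc:
        naive = f"invalid base64: {exc}"
    return naive, password_from(unfold(ldif_text))

# Constructed sample: scheme tag plus base64 of 36 made-up bytes (not a real hash).
STORED = b"{SSHA}" + base64.b64encode(bytes(range(36)))
SAMPLE_LDIF = "\n".join(
    ["dn: uid=jdoe,ou=people,dc=example,dc=org", "uid: jdoe"]
    + fold("userPassword:: " + base64.b64encode(STORED).decode())
) + "\n"

if __name__ == "__main__":
    naive, fixed = compare(SAMPLE_LDIF)
    print("first physical line only:", naive)
    print("after unfolding         :", fixed)
```
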