Christian Schmidt wrote:
Hi all,
we want to switch a server machine from Solaris (credentials stored in "traditional" passwd and shadow file) to Debian with OpenLDAP for authentication.
Creating LDIF files from /etc/passwd and /etc/shadow using PADL's migrationtools is working fine. The only problem is that many user passwords on the Solaris machine have been encrypted using Sun's md5 scheme, which results in hashes beginning with the characters "$md5$".
These hashes can be "imported" into our LDAP directory, but they cannot be used for authentication: Each attempt results in "access denied" on the client side and LDAP bind errors on the server side. Even when adding the user information to /etc/passwd and /etc/shadow on the Linux machine, there's no success.
With CRYPT password hashes, everything works fine.
Do you know any means to "convert" these Solaris-md5-hashed password strings into something we can use with OpenLDAP?
I appreciate your helpful answers. Thanks in advance!
No conversion is necessary, as long as you built OpenLDAP with --enable-crypt and you're using the native C library's crypt() (and not e.g. OpenSSL's crypt()) and the password is stored with the {crypt} tag. (And the slapd is actually running on Solaris.)
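The conditions in the reply can be checked against a migrated LDIF before users hit bind errors. The following Python script is an added example, not part of either message and not OpenLDAP or migrationtools code; the function names, the sample entries and the `$md5,rounds=` prefix form are assumptions, and the hash strings are constructed placeholders.

```python
import base64
import re

# crypt(3) prefixes: "$md5$" is the thread's Sun MD5 marker; "$md5," (rounds form) is an assumption.
CRYPT_KINDS = [("$md5$", "sun-md5"), ("$md5,", "sun-md5"), ("$1$", "md5-crypt"),
               ("$5$", "sha256-crypt"), ("$6$", "sha512-crypt")]
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")

def ldif_value(line):  # decode 'attr: value' or base64 'attr:: value' to text
    raw = line.partition(":")[2]
    if raw.startswith(":"):
        return base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
    return raw.strip()

def classify(value):
    """Return (storage tag or None, crypt hash kind or None)."""
    m = re.match(r"\{([^}]+)\}(.*)", value, re.S)
    tag, rest = (m.group(1).lower(), m.group(2)) if m else (None, value)
    kind = next((k for p, k in CRYPT_KINDS if rest.startswith(p)), None)
    if kind is None and DES_RE.fullmatch(rest):
        kind = "des-crypt"
    return tag, kind

def audit_ldif(text):
    """Return (dn, tag, kind, verdict) for every userPassword in an LDIF dump."""
    dn, out = None, []
    for line in re.sub(r"\r?\n ", "", text).splitlines():  # unfold continuations
        name = line.partition(":")[0].lower()
        if name == "dn":
            dn = ldif_value(line)
        elif name == "userpassword":
            tag, kind = classify(ldif_value(line))
            if kind is None:
                verdict = "not a crypt() hash"
            elif tag != "crypt":
                verdict = "add {crypt} tag"
            else:
                verdict = "needs slapd on Solaris" if kind == "sun-md5" else "native crypt()"
            out.append((dn, tag, kind, verdict))
    return out

# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = "\n".join([
    "dn: uid=alice,dc=example,dc=org", "userPassword: {crypt}$md5$CONSTRUCT$$PLACEHOLDER", "",
    "dn: uid=bob,dc=example,dc=org",
    "userPassword:: " + base64.b64encode(b"$md5,rounds=5000$CONSTRUCT$$PLACEHOLDER").decode(), "",
    "dn: uid=carol,dc=example,dc=org", "userPassword: {crypt}PLACEHOLDER13"])

if __name__ == "__main__":
    print(*audit_ldif(SAMPLE), sep="\n")
```

Entries reported as "needs slapd on Solaris" are the ones that produce the bind errors described in the question when the directory runs elsewhere, so they identify the accounts that need a password reset or a Solaris-hosted slapd.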