Christian Schmidt wrote:
Hello Howard,
thank you very much for your reply.
Howard Chu, 10.11.2010 (d.m.y):
No conversion is necessary, as long as you built OpenLDAP with --enable-crypt and you're using the native C library's crypt() (and not e.g. OpenSSL's crypt())
I just gave this a try and changed a user's password to "password" which resulted in the MD5 hash "$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0".
I created an LDIF file with the following line and imported it into the directory:
userPassword: {CRYPT}$md5$4bNuD9JW$$P/Lr2qkcw9wv1yYNokfQG0
The phrase after {CRYPT}) is the hash Solaris put in its /etc/shadow.
After importing this line into the LDAP directory, I could *not* login as the corresponding user using the password "password". :-(
(And the slapd is actually running on Solaris.)
It is not: We're running OpenLDAP on Debian GNU/Linux...
Then you have no chance. Notice I said "and" in all of those conditions above. Since you have not met all of the conditions, this cannot work.