On 10.03.23 at 20:36, Quanah Gibson-Mount wrote:
--On Friday, March 10, 2023 7:37 PM +0100 Stefan Kania stefan@kania-online.de wrote:
On 10.03.23 at 19:24, Quanah Gibson-Mount wrote:
Ok. I still don't know what 'changing the password via LDIF' means though.
Generate a password with, for example, slappasswd or argon2 and replace the attribute userPassword via LDIF files
I think you mean, you're generating a hash for a password with slappasswd in either SSHA or ARGON2 format, and then updating an entry using LDIF files in some way (ldapmodify -f?).
Please provide an example LDIF file of such a change, using a stupid password for the hash (i.e., secret)
Regards, Quanah
For a rootdn
-------------------
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$ZGJmZ2lrbmpiZHZzZ3NhdmRzZw$J6eXYSxY4tDs4l8SdBkIwcAU0OqEEdR0gpFNJ5MSqQs
-------------------
and a posix or simpleSecurityObject:
-------------------
dn: uid=repl-user,ou=users,dc=example,dc=net
changetype: modify
replace: userPassword
userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNsYXQ5ODc2NTQzMg$Td51W49s0X74om++/EnMRsP4La3x46KufcGGY01T8+M
-------------------
To reset several user passwords I can use a script to reset passwords for many users.
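An added example, not part of the original thread and not OpenLDAP code: a pre-flight check that parses LDIF change records like the ones in the message above and reports the scheme and Argon2 parameters of each userPassword/olcRootPW value before the file is handed to ldapmodify. The function names, the 19456 KiB memory minimum and the sample entries are assumptions made for illustration.

```python
import base64
import re

# {ARGON2} values hold a PHC string:
# $argon2<variant>$v=<ver>$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<hash>
PHC = re.compile(r"^\$(argon2(?:id|i|d))\$v=\d+\$m=(\d+),t=(\d+),p=(\d+)"
                 r"\$([A-Za-z0-9+/]+)\$[A-Za-z0-9+/]+$")
PASSWORD_ATTRS = {"userpassword", "olcrootpw"}
ATTR_LINE = re.compile(r"^([A-Za-z][\w;-]*)(::?) ?(.*)$")

def check_value(value, min_m_kib):
    """Return (params, findings) for one password attribute value."""
    scheme = re.match(r"^\{([\w-]+)\}", value)
    if not scheme:
        return {}, ["cleartext value, no {SCHEME} prefix"]
    name = scheme.group(1).upper()
    phc = PHC.match(value[scheme.end():])
    if name != "ARGON2" or not phc:
        return {"scheme": name}, ["not a well-formed ARGON2 hash"]
    variant, m, t, p, salt = phc.groups()
    params = {"scheme": name, "variant": variant, "m_kib": int(m), "t": int(t),
              "p": int(p), "salt_bytes": len(salt) * 3 // 4}
    low = [f"m={m} KiB below policy minimum {min_m_kib}"] if int(m) < min_m_kib else []
    return params, low

def audit_ldif(text, min_m_kib=19456):  # default is an assumed site policy value
    """Check each userPassword/olcRootPW value in LDIF change records."""
    results, dn = [], None
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")  # unfold
    for m in filter(None, map(ATTR_LINE.match, lines)):  # skips blanks, "-", comments
        attr, sep, value = m.groups()
        if sep == "::":  # base64-encoded LDIF value
            value = base64.b64decode(value).decode("utf-8", "replace")
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() in PASSWORD_ATTRS:
            params, findings = check_value(value, min_m_kib)
            results.append({"dn": dn, "attr": attr, **params, "findings": findings})
    return results

# Constructed sample: placeholder salt and all-zero hash, not real credentials.
SAMPLE = ("dn: uid=repl-user,ou=users,dc=example,dc=net\nchangetype: modify\n"
          "replace: userPassword\n"
          "userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$Y29uc3RydWN0ZWRzYWx0$"
          + "A" * 43 + "\n\ndn: uid=demo,ou=users,dc=example,dc=net\n"
          "changetype: modify\nreplace: userPassword\nuserPassword: secret\n")

if __name__ == "__main__":
    print(*audit_ldif(SAMPLE), sep="\n")
```

Run over a batch file produced by a reset script, an empty findings list for every row means each value is an Argon2 hash at or above the chosen memory setting.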