Currently doing a targeted sync of userPassword field from one LDAP to another following this process.

1)      Query using ldapsearch and grab userPassword field.

2)      Deode string using base64 –d

3)      Import resultant encrypted password into other ldap using ldapmodify.

 

This process worked when the password decoded into {crypt} format, but after they upgraded and changed to {SSHA} format passwords, it no longer works. Also confirmed with Oracle LDAP admins that the decode matches our {SSHA} string.

 

Is there some additional configuration information I need to request from the oracle LDAP server administrators for server or client config in openldap?

 

# Querying other LDAP server

$ ldapsearch -h oracleServer -D - -w - -b - "uid=-" | grep ^userPassword

userPassword:: e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQ=

$ ldapsearch -h oracleServer -D - -w - -b - "uid=-" | grep ^userPassword | base64 -d

{SSHA}KxMAUhDf4cFLUwUDFPoUC0SoDWQoG6NsKE5YQg==base64: invalid input

## After importing decrypted into new server, the encrypted string matches.

$ ldapsearch -h openLDAPServer -D - -w - "uid=-" | grep ^userPassword

userPassword:: e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQ=