Ian wrote:
On Wed, 22 Apr 2009 00:04:47 Andrew Findlay wrote:
On Tue, Apr 21, 2009 at 03:37:11PM +0200, Michael Ströder wrote:
Hmm, which password scheme is used? Are the userPassword values prefixed with {MD5} or with {CRYPT}? In the latter case libcrypt on both systems could be incompatible. So this could be another issue. The general advice is not to use {CRYPT}. Recommended is to use salted SHA-1 (password scheme {SSHA}).
You also need to make sure that the new server was built with support for your chosen hash scheme. If using crypt passwords, this means adding the --enable-crypt flag to the initial 'configure' command.
Maybe that's where the problem lies. From what Michael said in his reply, the passwords are plain MD5 hashes. Perhaps I've build the new one with crypt support and it's trying to use that instead of straight MD5?
The password scheme {MD5} does not need --enable-crypt!
As Michael says, it would make sense to use 2.4.16 for your new installation.
And I shall, but maybe now it's best to get 2.3.x working first, then go to the new version.
You might have to migrate your database. So there's really no reason to not directly use 2.4.16.
Ciao, Michael.
openldap-technical@openldap.org
-
Michael Ströder