Hi,
I'm writing a script to help my fellow admins automatically create user accounts in OpenLDAP 2.4. Can provide copy of script if you would like it.
The issue I have is encrypting the plain text word into passwd format, I found the very helpful slappasswd2.4 which seems to work so I put it into my script:
echo $NEWPASS > /tmp/newpass
chmod 400 /tmp/newpass
slappasswd2.4 -h {crypt} -T /tmp/newpass > /tmp/passenc
chmod 400 /tmp/passenc
EPASS=`cat /tmp/passenc`
It creates an entry in the passenc file which looks like this:
{crypt}mHUqpeNah1BOQ
But when I use this as a variable to the 'userpassword:' attribute then try to compare passwds within phpLDAPadmin it fails.
Any hints would be appreciated.
Thanks,
Stuart.
http://www.openldap.org/faq/data/cache/344.html
-Dieter
From: dieter@dkluenter.de
To: openldap-technical@openldap.org
Subject: Re: slappasswd2.4 output issue
Date: Tue, 27 Jul 2010 10:11:45 +0200
Thanks - I always forget to look in the FAQ!!!!
Have adapted it slightly so my script would now say
EPASS=`perl -e 'print("{CRYPT}".crypt("$NEWPASS","SC")."\n");'`
But the comparison option in phpLDAPadmin still fails. Am I doing this right?
Thx - Stuart.
-Dieter
-- Dieter Klünter | Systemberatung sip: 7770535@sipgate.de http://www.dpunkt.de/buecher/2104.html GPG Key ID:8EF7B6C6
Sorry to reply to my own reply but I think I worked out why it fails.
The phpLDAPadmin encryption uses random Salt (AKA SaltedHash), which I can disable, but would rather not. So how do I use the Perl::SaltedHash to encrypt a plain text word?
Cheers,
Stuart.
From: stuart_cherrington@hotmail.co.uk
To: openldap-technical@openldap.org
Subject: RE: slappasswd2.4 output issue
Date: Tue, 27 Jul 2010 08:39:00 +0000
perldoc Crypt::Random
http://www.openldap.org/faq/data/cache/419.htm
http://www.openldap.org/faq/data/cache/629.html
-Dieter
Dieter,
Thanks for the help - have used the hashit.pl script and called it from my own script.
Cheers,
Stuart.
From: dieter@dkluenter.de
To: openldap-technical@openldap.org
Subject: Re: slappasswd2.4 output issue
Date: Tue, 27 Jul 2010 13:13:54 +0200
openldap-technical@openldap.org
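
The salted-hash point raised in the thread, as an added example that is not from any of the posters and is not the hashit.pl script they mention: a {SSHA} value is base64(SHA1(password + salt) + salt), so two hashes of the same password differ, and checking one means re-hashing with the stored salt rather than comparing strings. The function names, the 8-byte salt length and the sample password are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest size in bytes


def ssha_hash(password: bytes, salt: Optional[bytes] = None) -> str:
    """Build a userPassword value: {SSHA} + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumed salt length; a fresh salt per password
    digest = hashlib.sha1(password + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: bytes, stored: str) -> bool:
    """Re-hash the candidate with the salt embedded in the stored value."""
    if not stored.upper().startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= SHA1_LEN:
        return False  # digest only, no salt: not a salted value
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


def demo() -> dict:
    new_pass = b"Example-Passw0rd"  # constructed sample, stands in for $NEWPASS
    first, second = ssha_hash(new_pass), ssha_hash(new_pass)
    # `echo $NEWPASS > file` writes the password plus "\n"; hashing the whole
    # file content therefore stores a hash of a different byte string.
    from_echo_file = ssha_hash(new_pass + b"\n")
    return {
        "strings_equal": first == second,  # False: salts differ
        "both_verify": ssha_verify(new_pass, first) and ssha_verify(new_pass, second),
        "echo_file_verifies": ssha_verify(new_pass, from_echo_file),  # False
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```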