Hi,
I am migrating user account entries from an old openldap AD to openldap BDB. Both LDAP client authentications are implemented in Linux, the former in CentOS 5, and the latter in CentOS 6.
But the major problem is that the old openldap AD uses encrypted password in "unixUserPassword:" while the openldap BDB uses base64 "userPassword::".
The options for a solution I could think of are:
(a) Convert the encrypted password from unixUserPassword format to userPassword, then I can use ldapmodify to change userPassword. Is it possible? If it is, appreciate more details.
(b) Change LDAP client authentication to use unixUserPassword. I haven't found any document to configure Linux client authentication to use unixUserPassword.
In fact, I could not find any document regarding details of using unixUserPassword. Any suggestions, tips and advice are very much appreciated.
Thank you.
Kind regards,
jupiter
Sorry for asking a non-dev question, but I could not find any solution from openldap document, nor from Internet searching.
Thank you and appreciate any advice.
Kind regards,
jupiter
If I'm understanding your question, you need to base64 encode "{crypt}" followed by the old, encrypted value.
You can avoid the base64 by using just one colon in your LDIF add.
On Oct 11, 2013, at 3:51, jupiter jupiter.hce@gmail.com wrote:
> [...]
Thanks Chad for your response. Let me clarify the question:
I have old LDAP AD password encrypted in unixUserPassword:
unixUserPassword: CNRP!efgh12345$67899
How can I use the encrypted password in unixUserPassword format to userPassword?
If I tried to add the unixUserPassword to an ldif file:
dn: xxxxxxxxx
changetype: modify
replace: userPassword
userPassword: {crypt}CNRP!efgh12345$67899
Then run the command ldapmodify, it did not work, because it is simply that the encrypted password "CNRP!efgh12345$67899" from unixUserPassword is not the {crypt} format (I have no idea what the format for the unixUserPassword is).
I have searched the openldap documentation and the Internet, and could not find an answer for what type of encryption is used in unixUserPassword and how I could convert the password in unixUserPassword to userPassword in an ldif file. Appreciate any advice and help.
Thank you.
Kind regards,
jupiter
That doesn't really look like a "crypt"ed password. Do you know what format it is in? slapd supports numerous encryption schemes.
On Fri, Oct 11, 2013 at 4:19 PM, jupiter jupiter.hce@gmail.com wrote:
> [...]
Hi Chad,
On 10/12/13, Chad Scott cscott@appdynamics.com wrote:
> That doesn't really look like a "crypt"ed password. Do you know what format it is in? slapd supports numerous encryption schemes.
I don't know what the encryption type for unixUserPassword is, and I could not find it from searching the Internet either.
I got it from openldap server using Microsoft Active Directory database.
I have been trying to check slappasswd in different encryption type MD5, etc, but no luck.
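Chad's two points (the single-colon and base64 forms of the same LDIF value, and whether a value looks "crypt"ed at all), as an added example that is not part of the original thread. The DN and the two sample hashes are constructed; the accepted shapes are an assumption covering traditional DES and the common glibc crypt(3) formats.

```python
import base64
import re

CH = "[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and digests
# Assumed shapes: traditional DES plus the glibc $1$/$5$/$6$ formats.
CRYPT_SHAPES = {
    "des": re.compile(CH + "{13}"),
    "md5-crypt": re.compile(r"\$1\$" + CH + r"{1,8}\$" + CH + "{22}"),
    "sha256-crypt": re.compile(r"\$5\$(rounds=\d+\$)?" + CH + r"{1,16}\$" + CH + "{43}"),
    "sha512-crypt": re.compile(r"\$6\$(rounds=\d+\$)?" + CH + r"{1,16}\$" + CH + "{86}"),
}

def crypt_kind(value):
    """Return the crypt(3) variant whose shape the value has, or None."""
    for name, shape in CRYPT_SHAPES.items():
        if shape.fullmatch(value):
            return name
    return None

def ldif_modify(dn, legacy_hash, b64=False):
    """Build an ldapmodify record storing legacy_hash as {crypt}<hash>."""
    if crypt_kind(legacy_hash) is None:
        # Prefixing {crypt} to a non-crypt value yields a password nobody can match.
        raise ValueError("value does not have a crypt(3) shape")
    stored = "{crypt}" + legacy_hash
    if b64:   # double colon: the value is base64 of the same bytes
        attr = "userPassword:: " + base64.b64encode(stored.encode("ascii")).decode("ascii")
    else:     # single colon: the value is written literally
        attr = "userPassword: " + stored
    return "\n".join(["dn: " + dn, "changetype: modify",
                      "replace: userPassword", attr, "-"]) + "\n"

def ldif_value(line):
    """Return the raw bytes carried by one 'attr: v' or 'attr:: b64' line."""
    _, _, rest = line.partition(":")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip())
    return rest.strip().encode("ascii")

SAMPLE_DN = "uid=test,dc=example,dc=com"           # constructed
SAMPLE_DES = "abJnggxhB/yWI"                        # constructed, 13 characters
SAMPLE_MD5 = "$1$saltsalt$abcdefghijklmnopqrstuv"   # constructed
THREAD_VALUE = "CNRP!efgh12345$67899"               # value quoted in the thread

if __name__ == "__main__":
    print(ldif_modify(SAMPLE_DN, SAMPLE_DES))
    print(ldif_modify(SAMPLE_DN, SAMPLE_DES, b64=True))
    print("thread value kind:", crypt_kind(THREAD_VALUE))
```

The value quoted in the thread matches none of these shapes, which is consistent with the reply that it does not look like a "crypt"ed password.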
openldap-technical@openldap.org