--On Thursday, August 29, 2013 12:35 AM +0000 Clint Petty cpetty@luthresearch.com wrote:
After upgrading from OpenLDAP 2.4.23 to 2.4.36, I can no longer add a user:
# ldapadd -x -D "cn=Manager,dc=luthresearch,dc=net" -w secret -f /etc/openldap/adduser.ldif
Check your config for RootPW and whether the hash algorithm used is still supported by your build of OpenLDAP.
Had a similar problem on an old server because --enable-crypt was not set when building OpenLDAP 2.4.36.
You can check that by using slappasswd to create a string like the one used in your config:
# /usr/local/sbin/slappasswd -s secret -h '{crypt}'
Password generation failed for scheme {crypt}: scheme not recognized
--Jürgen Sprenger
From: Juergen.Sprenger@swisscom.com
To: cpetty@luthresearch.com, openldap-technical@openldap.org
Date: 08/29/2013 09:48 AM
Subject: RE: ldapadd "ldap_bind: Invalid credentials (49)"
Sent by: openldap-technical-bounces@OpenLDAP.org
I tried this on two servers and got two different results. Does this mean that I have different hashes? That might be part of the wrong credentials I am getting.
Thanks, Eric
--On Thursday, August 29, 2013 9:59 AM -0500 espeake@oreillyauto.com wrote:
I tried this on two servers and got two different results. Does this mean that I have different hashes? That might be part of the wrong credentials I am getting.
No, that doesn't imply anything, because the salt changes every time you run the command.
[zimbra@ldap01-zcs ~]$ /opt/zimbra/openldap/sbin/slappasswd -s test
{SSHA}LVmfK8GNSDSH2nMxhsvrtXMqJwNJ2Vm+
[zimbra@ldap01-zcs ~]$ /opt/zimbra/openldap/sbin/slappasswd -s test
{SSHA}FzozyUcP06Tg+Fw1nZuI9IzICzGSAX/g
[zimbra@ldap01-zcs ~]$ /opt/zimbra/openldap/sbin/slappasswd -s test
{SSHA}sW+DsjIX7F3tAds9AKvgtsAmGVtgfSQI
[zimbra@ldap01-zcs ~]$ /opt/zimbra/openldap/sbin/slappasswd -s test
{SSHA}ijXIyL21bfh66AwGkFgEDx4fCafI8rQ1
[zimbra@ldap01-zcs ~]$ /opt/zimbra/openldap/sbin/slappasswd -s test
{SSHA}g+1Req30YxW122v1NKl1yL4+z3F0eqnD
What you would need to do is see what type of hash was being used for that particular user. Or it may be simpler to just reset the password for that user, to make sure it updates to a current scheme.
--Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
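Why repeated slappasswd runs give different {SSHA} strings for the same password, and how a stored value is still checked: an added example, not code from this thread or from OpenLDAP. It assumes the usual {SSHA} layout, base64(SHA1(password + salt) + salt), with a 4-byte salt (the length of the sample values above); the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # bytes of SHA-1 digest that precede the salt in an {SSHA} payload


def split_scheme(stored):
    """Return (SCHEME, payload) for a rootpw/userPassword value such as '{SSHA}...'."""
    if not stored.startswith("{") or "}" not in stored:
        return ("CLEARTEXT", stored)  # no {scheme} prefix at all
    scheme, payload = stored[1:].split("}", 1)
    return (scheme.upper(), payload)


def make_ssha(password, salt=None):
    """Build an {SSHA} value; a fresh random salt is drawn unless one is given."""
    salt = os.urandom(4) if salt is None else salt  # assumption: 4-byte salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_parts(stored):
    """Split an {SSHA} value into (digest, salt); reject any other scheme."""
    scheme, payload = split_scheme(stored)
    if scheme != "SSHA":
        raise ValueError("not an SSHA value: scheme is {%s}" % scheme)
    raw = base64.b64decode(payload)
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def check_ssha(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    digest, salt = ssha_parts(stored)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample: two values for the same password, as two runs would give.
    first, second = make_ssha("test"), make_ssha("test")
    print(first, second, sep="\n")
    print("strings equal:", first == second)
    print("both verify:", check_ssha("test", first) and check_ssha("test", second))
    print("scheme of a crypt value:", split_scheme("{crypt}constructed-payload")[0])
```

Comparing two hash strings therefore says nothing about whether the passwords match; what matters is the scheme prefix in the stored value and whether the running slapd build supports it.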