LinuxQuestions.org


kcorupe 05-16-2008 01:52 PM

importing users into openldap, with already existing passwds
 
I wrote a script to create an ldif file out of a list of usernames and md5 passwds from a psql db, that I use for apache auth. But their original passwords are not working.

The usernames are just a list, and the passwds are just a list in md5 format as well. They are importing correctly, and I can see them in phpldapadmin in the correct area as all the other users.


Here is an example of one of the ldif files I am importing as a test:

Code:

dn: uid=test5,ou=Users,dc=corpedia,dc=internal
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
userPassword: {md5}2b3a1858080c5c2ef9b5b813a6a3b1ea
uid: test5
uidNumber: 7040
gidNumber: 1999
homeDirectory: /home/test5/
cn: test5
sn: test5

Here is the output from when I add the user:

Code:

[kylec@heracross tmp]$ ldapadd -H ldaps://*******.*******.internal -x -D "cn=admin,dc=**********,dc=internal" -f ldaptest.dif -W
Enter LDAP Password:
adding new entry "uid=test6,ou=Users,dc=corpedia,dc=internal"


Here is what I see in the ldap log as the user tries to authenticate via apache mod_ldap with his original md5 passwd from psql; he fails.

Code:

>>> dnPrettyNormal: <uid=test6,ou=Users,dc=corpedia,dc=internal>
=> ldap_bv2dn(uid=test6,ou=Users,dc=corpedia,dc=internal,0)
<= ldap_bv2dn(uid=test6,ou=Users,dc=corpedia,dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=test6,ou=Users,dc=corpedia,dc=internal)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=test6,ou=users,dc=corpedia,dc=internal)=0
<<< dnPrettyNormal: <uid=test6,ou=Users,dc=corpedia,dc=internal>, <uid=test6,ou=users,dc=corpedia,dc=internal>
do_bind: version=3 dn="uid=test6,ou=Users,dc=corpedia,dc=internal" method=128
==> bdb_bind: dn: uid=test6,ou=Users,dc=corpedia,dc=internal
bdb_dn2entry("uid=test6,ou=users,dc=corpedia,dc=internal")
send_ldap_result: conn=82 op=5 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=6 tag=97 err=49
ber_flush: 14 bytes to sd 23
connection_get(23)
connection_get(23): got connid=82
connection_read(23): checking for input on id=82
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
do_unbind
ber_get_next on fd 23 failed errno=0 (Success)

Once I set the passwd like this:

Code:

[kylec@********* ~]$ ldappasswd -D "cn=admin,dc=********,dc=internal" -W -H ldaps://********.********.internal -x "uid=test5,ou=Users,dc=********,dc=internal"
Enter LDAP Password:
New password: T2KTlYdb
Result: Success (0)

He can now login successfully.

Any ideas? Is the format possibly wrong for that md5 line? Can I even do what I'm trying to do?

Thanks for any help!

kcorupe 05-16-2008 02:36 PM

Something that I just realised: for some reason openldap is encoding the password differently.

With phpldapadmin I created a user with an md5 passwd the same as the one I was using before, and it was encoded differently, I believe. (I changed like 1 char in each because it's a used pass, but you can see how they are different.)

{MD5}KzoYWAgMXC75tbgTpqOx6x==

{MD5}2b3a1858080c5c2ef9b5b813a6a3b1ea


Does anyone know what I can do about this?
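
The two values in the post above differ in encoding: OpenLDAP's {MD5} scheme stores the base64 of the 16 raw digest bytes, while the psql export holds the digest as 32 hex characters. The following is an added example, not part of the original thread, that re-encodes hex digests for an LDIF import. It assumes the stored values are plain unsalted MD5 of the password; the base DN, function names and sample rows are constructed for illustration.

```python
import base64
import re

HEX_MD5 = re.compile(r"[0-9a-fA-F]{32}")
SAFE_UID = re.compile(r"[A-Za-z0-9._-]+")  # keeps DN/LDIF metacharacters out

def md5_hex_to_userpassword(value):
    """Re-encode a 32-char hex MD5 digest as an LDAP {MD5} userPassword value."""
    # Drop a scheme prefix such as {md5} if the export already added one.
    digest_hex = re.sub(r"(?i)^\{md5\}", "", value.strip())
    if not HEX_MD5.fullmatch(digest_hex):
        raise ValueError("not a 32-character hex MD5 digest: %r" % value)
    raw = bytes.fromhex(digest_hex)  # the 16 raw digest bytes
    return "{MD5}" + base64.b64encode(raw).decode("ascii")

LDIF_TEMPLATE = """\
dn: uid={uid},{base_dn}
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
userPassword: {password}
uid: {uid}
uidNumber: {uid_number}
gidNumber: {gid_number}
homeDirectory: /home/{uid}/
cn: {uid}
sn: {uid}
"""

def build_ldif(rows, base_dn, first_uid_number, gid_number):
    """Return (ldif_text, rejected_uids) for (uid, hex_digest) rows."""
    entries, rejected = [], []
    for uid, hex_digest in rows:
        try:
            if not SAFE_UID.fullmatch(uid):
                raise ValueError("unsafe uid")
            password = md5_hex_to_userpassword(hex_digest)
        except ValueError:
            rejected.append(uid)
            continue
        entries.append(LDIF_TEMPLATE.format(
            uid=uid, base_dn=base_dn, password=password,
            uid_number=first_uid_number + len(entries), gid_number=gid_number))
    return "\n".join(entries), rejected

# Constructed sample rows; the first digest is the one shown in the post.
SAMPLE_ROWS = [("test5", "2b3a1858080c5c2ef9b5b813a6a3b1ea"),
               ("test6", "{md5}5F4DCC3B5AA765D61D8327DEB882CF99"),
               ("broken", "KzoYWAgMXC75")]  # not hex, so it is rejected
```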


All times are GMT -5.