That sounds reasonable; but it doesn't appear to work. Let me go into the details a little more: 1. FDS + Samba3 on one server with user's passwords stored as SSHA Hashed values. 2. New OpenLDAP install on a different server (used by other services on that machine, and no they won't play nice w/ external ldap server); this server is also setup (already) to store passwords using SSHA. 3. We want to copy the hashed password value from FDS and put in it into the OpenLDAP server as the userPassword attribute for the users; however the other server is using a different sha seed, therefore when it tries to compare the value entered by the user to the stored value it fails (as it is using its own seed to re-hash the password and do the comparison). So that's where we stand. Currently have been told to simply set all users in the OpenLDAP to a default value and make them reset their passwords on that server if they want to. Mike Jackson wrote: > Robert r. Sanders wrote: >> Yeah, but what I want to do is copy the HASH from one server to the >> other. >> >> > > In that case, you don't need to do anything. > > If you have FDS set to do hashing in SSHA, and you send a cleartext > string as a userPassword modify, then FDS SSHA hashes it for you. > > If you send a string prefixed with {SSHA} as a userPassword modify, > FDS does not hash it for you. > > -- > mike > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Robert r. Sanders Chief Technologist iPOV (334) 821-5412 www.ipov.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20060525/d53d0f7e/attachment.html