Re: [389-users] NIS 389 Directory Server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello, thanks for tip with "{CRYPT}". I made some testing and played with nis-value-format:
 
[root@xxx ~]# ypcat users | grep tst
tst:{crypt}xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh

--> Definition from users in dse.ldif:
dn: nis-domain=amsint+nis-map=users,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
nis-domain: amsint
nis-map: users
nis-base: ou=People, dc=amsint, dc=com
nis-filter: (objectClass=posixAccount)
nis-key-format: %{uid}
nis-value-format: %{uid}:%{userPassword}:%{uidNumber}:%{gidNumber}:%{cn}:%{homeDirectory}:%{loginShell}

--> So I tried with this definition:
dn: nis-domain=amsint+nis-map=users2,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
nis-domain: amsint
nis-map: users2
nis-base: ou=People, dc=amsint, dc=com
nis-filter: (objectClass=posixAccount)
nis-key-format: %{uid}
nis-value-format: %{uid}:%regsub("%{userPassword}","^\{crypt\}(..*)","%1","*")
 :%{uidNumber}:%{gidNumber}:%{gecos:-%{cn:-Some Unnamed User},,,}:%{homeDirec
 tory}:%{loginShell:-/bin/bash}


--> {crypt} vs. {CRYPT} but still:
[root@xxx ~]# ypcat users2 | grep tst
tst:*:1346:21:Test:/user/tst:/bin/csh


--> So I tried again with:
dn: nis-domain=amsint+nis-map=users3,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
nis-domain: amsint
nis-map: users3
nis-base: ou=People, dc=amsint, dc=com
nis-filter: (objectClass=posixAccount)
nis-key-format: %{uid}
nis-value-format: %{uid}:%regsub("%{userPassword}","crypt\}(..*)","%1","*"):%{
 uidNumber}:%{gidNumber}:%{gecos:-%{cn:-Some Unnamed User},,,}:%{homeDirector
 y}:%{loginShell:-/bin/bash}

--> {crypt} vs. crypt\} and now:
[root@xxx ~]# ypcat users3 | grep tst
tst:xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh

But why ?

Br, cnu80


-----Original Message-----
From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nalin Dahyabhai
Sent: Mittwoch, 18. Mai 2011 17:27
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [389-users] NIS 389 Directory Server

On Wed, May 18, 2011 at 01:22:21PM +0200, Neuhold Christian (TSA) wrote:
>    ypcat passwd old system:
> 
>    [root@xxx slapd-xxx]# ypcat passwd | grep tst
> 
>    tst:*:1346:21:Test:/user/tst:/bin/csh
> 
>    ypcat passwd new system:
> 
>    [root@xxx ~]# ypcat passwd | grep tst
> 
>    tst:xOf6bdfgZsCsA:1346:21:Test:/user/tst:/bin/csh
> 
>    Is it possible to provide the password hash with
>    slapi-nis/389-directory server?

It should be.  It's certainly the intention, at least.

By default, if an entry's userPassword attribute contains a
crypt-compatible hash (i.e., if it's marked as such by starting with
"{CRYPT}"), the value will be provided to clients as part of the entry
in the two passwd maps.  Just to be clear, that's what you're after,
right?

Do you have the LDIF for a sample user?

HTH,

Nalin
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~

This message may contain confidential and/or privileged information intended 
only for the addressee.

If you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose or take any action based
on this message or any information herein. If you have received this 
message in error, please advise the sender immediately by reply e-mail and 
delete this message. Any views expressed in this message are those of the 
individual sender and may not necessarily reflect the 
opinions of austriamicrosystems AG.

-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~

Diese E-Mail enthaelt moeglicherweise vertrauliche und/oder rechtlich 
geschuetzte Informationen.

Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich 
erhalten haben, informieren Sie bitte sofort den Absender und loeschen Sie 
diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser 
Mail ist nicht gestattet. Etwaige in dieser E-mail geaeusserte Ansichten und
Meinungen stammen vom Versender dieser Nachricht und muessen nicht 
notwendigerweise mit den Meinungen und Ansichten von austriamicrosystems AG 
uebereinstimmen.

~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux