Hello, thank you. I changed passwd.byname and passwd.byuid map from crypt\}(..*) to ^\\{crypt\}(..*) It works perfectly. Thanks for help!!! Do you know if command passwd is possible? Because I get: xxxxx tst# passwd Changing password for user tst. Changing password for tst (current) UNIX password: New UNIX password: Retype new UNIX password: passwd: Failed preliminary check by password service Br, cnu80 -----Original Message----- From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nalin Dahyabhai Sent: Mittwoch, 18. Mai 2011 23:26 To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: [389-users] NIS 389 Directory Server On Wed, May 18, 2011 at 10:28:49PM +0200, Neuhold Christian (TSA) wrote: > Hello, thanks for tip with "{CRYPT}". I made some testing and played with nis-value-format: > > [root@xxx ~]# ypcat users | grep tst > tst:{crypt}xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh > > --> Definition from users in dse.ldif: > dn: nis-domain=amsint+nis-map=users,cn=NIS Server,cn=plugins,cn=config > objectClass: extensibleObject > objectClass: top > nis-domain: amsint > nis-map: users > nis-base: ou=People, dc=amsint, dc=com > nis-filter: (objectClass=posixAccount) > nis-key-format: %{uid} > nis-value-format: %{uid}:%{userPassword}:%{uidNumber}:%{gidNumber}:%{cn}:%{homeDirectory}:%{loginShell} That's probably not a good idea -- if you have a plaintext user password, it'll show up in this field as plaintext. If you have passwords hashed using mechanisms other than crypt() (like {SSHA}) the hashes will show up here even though your client machines won't know what to do with them, but that's less of an issue. > --> So I tried with this definition: > dn: nis-domain=amsint+nis-map=users2,cn=NIS Server,cn=plugins,cn=config > objectClass: extensibleObject > objectClass: top > nis-domain: amsint > nis-map: users2 > nis-base: ou=People, dc=amsint, dc=com > nis-filter: (objectClass=posixAccount) > nis-key-format: %{uid} > nis-value-format: %{uid}:%regsub("%{userPassword}","^\{crypt\}(..*)","%1","*") > :%{uidNumber}:%{gidNumber}:%{gecos:-%{cn:-Some Unnamed User},,,}:%{homeDirec > tory}:%{loginShell:-/bin/bash} > > --> {crypt} vs. {CRYPT} but still: > [root@xxx ~]# ypcat users2 | grep tst > tst:*:1346:21:Test:/user/tst:/bin/csh Quoting gets pretty complicated rather quickly here -- the way you've written this expression, I think you'd want to start with "^\\{" to include a literal "\" in the regular expression. You can run "nisserver-plugin-defs -m passwd.byname" to pull up the defaults. > --> So I tried again with: > dn: nis-domain=amsint+nis-map=users3,cn=NIS Server,cn=plugins,cn=config > objectClass: extensibleObject > objectClass: top > nis-domain: amsint > nis-map: users3 > nis-base: ou=People, dc=amsint, dc=com > nis-filter: (objectClass=posixAccount) > nis-key-format: %{uid} > nis-value-format: %{uid}:%regsub("%{userPassword}","crypt\}(..*)","%1","*"):%{ > uidNumber}:%{gidNumber}:%{gecos:-%{cn:-Some Unnamed User},,,}:%{homeDirector > y}:%{loginShell:-/bin/bash} > > --> {crypt} vs. crypt\} and now: > [root@xxx ~]# ypcat users3 | grep tst > tst:xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh > > But why ? The "{CRYPT}" prefix is checked for in a case-sensitive manner, so if the values you have actually start with "{crypt}", then that'd explain why this nis-value-format causes the desired value to show up and the default doesn't. HTH, Nalin -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users -~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~ This message may contain confidential and/or privileged information intended only for the addressee. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Any views expressed in this message are those of the individual sender and may not necessarily reflect the opinions of austriamicrosystems AG. -~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~-~^~ Diese E-Mail enthaelt moeglicherweise vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und loeschen Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. Etwaige in dieser E-mail geaeusserte Ansichten und Meinungen stammen vom Versender dieser Nachricht und muessen nicht notwendigerweise mit den Meinungen und Ansichten von austriamicrosystems AG uebereinstimmen. ~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~.~-~ -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users