Re: [389-users] NIS 389 Directory Server

Hello, thank you.

I changed the passwd.byname and passwd.byuid maps from

crypt\}(..*)
to
^\\{crypt\}(..*)

It works perfectly. Thanks for the help!!!

Do you know if the passwd command is possible? Because I get:
xxxxx tst# passwd 
Changing password for user tst.
Changing password for tst
(current) UNIX password: 
New UNIX password: 
Retype new UNIX password: 
passwd: Failed preliminary check by password service

Br, cnu80


-----Original Message-----
From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nalin Dahyabhai
Sent: Wednesday, 18 May 2011 23:26
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [389-users] NIS 389 Directory Server

On Wed, May 18, 2011 at 10:28:49PM +0200, Neuhold Christian (TSA) wrote:
> Hello, thanks for the tip with "{CRYPT}". I did some testing and played with nis-value-format:
>  
> [root@xxx ~]# ypcat users | grep tst
> tst:{crypt}xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh
> 
> --> Definition from users in dse.ldif:
> dn: nis-domain=amsint+nis-map=users,cn=NIS Server,cn=plugins,cn=config
> objectClass: extensibleObject
> objectClass: top
> nis-domain: amsint
> nis-map: users
> nis-base: ou=People, dc=amsint, dc=com
> nis-filter: (objectClass=posixAccount)
> nis-key-format: %{uid}
> nis-value-format: %{uid}:%{userPassword}:%{uidNumber}:%{gidNumber}:%{cn}:%{homeDirectory}:%{loginShell}

That's probably not a good idea -- if you have a plaintext user
password, it'll show up in this field as plaintext.  If you have
passwords hashed using mechanisms other than crypt() (like {SSHA}) the
hashes will show up here even though your client machines won't know
what to do with them, but that's less of an issue.

> --> So I tried with this definition:
> dn: nis-domain=amsint+nis-map=users2,cn=NIS Server,cn=plugins,cn=config
> objectClass: extensibleObject
> objectClass: top
> nis-domain: amsint
> nis-map: users2
> nis-base: ou=People, dc=amsint, dc=com
> nis-filter: (objectClass=posixAccount)
> nis-key-format: %{uid}
> nis-value-format: %{uid}:%regsub("%{userPassword}","^\{crypt\}(..*)","%1","*")
>  :%{uidNumber}:%{gidNumber}:%{gecos:-%{cn:-Some Unnamed User},,,}:%{homeDirec
>  tory}:%{loginShell:-/bin/bash}
> 
> --> {crypt} vs. {CRYPT} but still:
> [root@xxx ~]# ypcat users2 | grep tst
> tst:*:1346:21:Test:/user/tst:/bin/csh

Quoting gets pretty complicated rather quickly here -- the way you've
written this expression, I think you'd want to start with "^\\{" to
include a literal "\" in the regular expression.  You can run
"nisserver-plugin-defs -m passwd.byname" to pull up the defaults.

> --> So I tried again with:
> dn: nis-domain=amsint+nis-map=users3,cn=NIS Server,cn=plugins,cn=config
> objectClass: extensibleObject
> objectClass: top
> nis-domain: amsint
> nis-map: users3
> nis-base: ou=People, dc=amsint, dc=com
> nis-filter: (objectClass=posixAccount)
> nis-key-format: %{uid}
> nis-value-format: %{uid}:%regsub("%{userPassword}","crypt\}(..*)","%1","*"):%{
>  uidNumber}:%{gidNumber}:%{gecos:-%{cn:-Some Unnamed User},,,}:%{homeDirector
>  y}:%{loginShell:-/bin/bash}
> 
> --> {crypt} vs. crypt\} and now:
> [root@xxx ~]# ypcat users3 | grep tst
> tst:xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh
> 
> But why ?

The "{CRYPT}" prefix is checked for in a case-sensitive manner, so if
the values you have actually start with "{crypt}", then that'd explain
why this nis-value-format causes the desired value to show up and the
default doesn't.

HTH,

Nalin
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
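
Added example (not part of the original thread or of the NIS plugin): a small audit of the password field in passwd-style NIS map output, flagging entries where the raw userPassword value is published, as in the "users" map above. The function names are hypothetical, the last two sample lines are constructed, and the classification is a heuristic.

```shell
#!/bin/sh
# Classify field 2 of passwd-style map lines read from stdin.
# Against a live map this would be fed from e.g. `ypcat users`.
audit_nis_pw() {
    awk -F: '
    {
        pw = $2
        if (pw == "")                          cls = "EMPTY"
        else if (pw ~ /^[*!x]+$/)              cls = "PLACEHOLDER"
        # "{scheme}" prefix still present: the map publishes the raw
        # userPassword value (any scheme, any letter case).
        else if (pw ~ /^[{][A-Za-z0-9-]+[}]/)  cls = "RAW_SCHEME_PREFIX"
        # Modular crypt ($id$...) or 13-character traditional crypt():
        # what the %regsub form in the thread is meant to produce.
        else if (pw ~ /^[$][0-9a-z]+[$]/)      cls = "CRYPT_HASH"
        else if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$")
                                               cls = "CRYPT_HASH"
        # Anything else may be a plaintext password (heuristic only).
        else                                   cls = "POSSIBLE_PLAINTEXT"
        print cls ":" $1
    }'
}

# Number of entries that need attention (raw value or possible plaintext).
nis_pw_findings() {
    audit_nis_pw | grep -c -E '^(RAW_SCHEME_PREFIX|POSSIBLE_PLAINTEXT):'
}

# First three lines: ypcat output quoted in the thread (users, users2,
# users3). Last two lines: constructed samples, not from the thread.
sample_map() {
    cat <<'EOF'
tst:{crypt}xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh
tst:*:1346:21:Test:/user/tst:/bin/csh
tst:xOf6b2C9ZsCsA:1346:21:Test:/user/tst:/bin/csh
alice:{SSHA}AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:2001:21:Alice:/user/alice:/bin/bash
bob:Summer2011:2002:21:Bob:/user/bob:/bin/bash
EOF
}

sample_map | audit_nis_pw
```

A plaintext password that happens to be 13 characters from the crypt alphabet would be reported as CRYPT_HASH, so treat that class as "looks like a hash", not as proof.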