On 08/05/2012 01:15 PM, Fosiul Alam wrote:
Hi
Thanks, it works fine, perfectly.
Thanks for your help
You should only pass clear text passwords to the directory server. e.g.
in your LDIF:
userPassword: thecleartextpassword
and let the directory server do the hashing for you. Using pre-hashed
passwords defeats password checking. If you do not want to pass these
over an unencrypted channel, then set up TLS/SSL first.
If you feel you must generate pre-hashed passwords (strongly
discouraged) please use the pwdhash command line tool provided with 389
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Shell_Scripts.html#Shell_Scripts-pwdhash_Print_encrypted_password
On Sun, Aug 5, 2012 at 7:24 PM, Fosiul Alam<fosiul@xxxxxxxxx> wrote:
Hi, thanks for the script.
One thing I am still confused about is:
suppose I want to give the password "test123" as the default password at the
time of user creation,
how will I create this password and put it in
userPassword: ???
On Sun, Aug 5, 2012 at 6:29 PM, Grzegorz Dwornicki<gd1100@xxxxxxxxx> wrote:
Here it is. I was using it to change passwords on openldap + samba using
ldap. Samba has its own password attribute. This script takes a password from
the user, encrypts it in crypt + calls smbpasswd to set the password as well.
$ cat sambaldapnewpass
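#!/bin/bash
# Change a user's LDAP password: ask for it twice, hash it with slappasswd,
# then apply the filled-in passchange.ldif template with ldapmodify.
BASEDN="dc=org1,dc=county"
USERDN="dc=domain1"
BASEDIR=/home/lol87
umask 077   # temporary files must not be readable by other users
#login LDAP format: uid=$LOGIN,$USERDN,$BASEDN
# take the login from the first argument, or ask for it
if [ -z "$1" ];
then
    echo "Login"
    read -r LOGIN
else
    LOGIN=$1
fi
#ask user for password (terminal echo off) until both entries match:
stty -echo
PASS=s
PASS2=w
while [ "$PASS" != "$PASS2" ];
do
    echo "new password:"
    read -r PASS
    echo "repeat new password:"
    read -r PASS2
done
stty echo
# slappasswd -T hashes the contents of the file, so write no trailing newline
printf '%s' "$PASS" > "$BASEDIR/${LOGIN}.tmp"
chmod 400 "$BASEDIR/${LOGIN}.tmp"
#generate new password for LDAP:
LDAPPASS=$(slappasswd -n -h '{crypt}' -c '$6$%.27s' -T "$BASEDIR/${LOGIN}.tmp" -n)
echo "$LDAPPASS"
rm -f "$BASEDIR/${LOGIN}.tmp"
# fill in the placeholders of the template, then append the new hash
sed -e "s/LDAPLOGIN/$LOGIN/" -e "s/BASEDN/$BASEDN/" -e "s/USERDN/$USERDN/" "$BASEDIR/passchange.ldif" > "$BASEDIR/passchange_tmp.ldif"
echo "userPassword: $LDAPPASS" >> "$BASEDIR/passchange_tmp.ldif"
ldapmodify -x -D "cn=admin,dc=domain1,dc=org1,dc=county" -w some_password < "$BASEDIR/passchange_tmp.ldif"
#rm $BASEDIR/passchange_tmp.ldif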
and now:
$ cat passchange.ldif
dn: uid=LDAPLOGIN,USERDN,BASEDN
changetype: modify
replace: userPassword
You may need to change:
slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp -n
The parameter of the -c option defines the salt. In my experience I saw many Linux
distros having different salts. The part "$6$" is required (look in the man page of
the crypt function) and "%.27s" means to generate 27 chars for the salt. More details
you may find in the man page of slappasswd. Option -h tells slappasswd to use
the format provided as its parameter, in this case crypt.
I did not use it for some time, so please treat this as a template for your
script. I hope this will help you.
Greg.
2012/8/5 Fosiul Alam<fosiul@xxxxxxxxx>
Hi, thanks
I can't use the GUI as the script should take care of everything.
I think it would be sha1.
I will try to find a solution; if I can't, please post your script here,
it would be really helpful.
Thanks
On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki<gd1100@xxxxxxxxx> wrote:
You can use the GUI. Just edit the user account and type the new password.
The directory server should encrypt it before updating the entry in the database.
If you use slappasswd without any parameters it will ask for a password and
generate a sha1 hash for you. To use crypt you need to set the format to crypt,
and set a proper salt.
I should have on my PC an example script using slappasswd; I wrote it some time
ago. I can't post it now because at the moment I'm on the bus. If no one will
post an example of using slappasswd then I will later. Unless you find a
solution first.
Greg.
Sent from HTC Desire Z
05-08-2012 15:34, "Fosiul Alam"<fosiul@xxxxxxxxx> wrote:
Hi
Thanks for the reply
I am using Directory Server 389
and I am using a script to create the ldif file.
So somehow I will have to create the userpassword.
But I don't understand what the way to do that is.
From the GUI interface I can create a password easily,
so what's the syntax to create userpassword?
Regards
On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood <christopher_wood@xxxxxxxxx> wrote:
Perhaps use slappasswd?
On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
Hi
I am generating the ldif by script,
but I can't understand how I will generate the userpassword.
userPassword: {crypt}x
How does this crypt or hash work?
Please shed some light on this.
Regards
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
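The advice at the top of this thread (put the clear-text password in the LDIF's userPassword, let the directory server hash it, and send it over TLS), as an added example that is not code from any poster or from the 389 project. The base DN, entry layout, host name, bind DN and password file are assumptions; the script also goes one step further than the thread by applying the RFC 2849 base64 rule to values that cannot be written as plain LDIF.

```bash
#!/bin/bash
# Added example: build an "add user" LDIF with a clear-text userPassword.
# BASE_DN and the entry layout are assumptions, not taken from the thread.
BASE_DN="ou=People,dc=example,dc=com"

# RFC 2849: a value must be base64-encoded ("attr:: ...") when it starts with
# space, ':' or '<', ends with a space, or has bytes outside printable ASCII.
needs_base64() {
    case $1 in
        ' '* | ':'* | '<'* | *' ') return 0 ;;
    esac
    [ "$(printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c)" -gt 0 ]
}

# Print one LDIF attribute line, base64-encoding the value when required.
ldif_line() {
    local attr=$1 value=$2
    if needs_base64 "$value"; then
        printf '%s:: %s\n' "$attr" "$(printf '%s' "$value" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$attr" "$value"
    fi
}

# Print the LDIF for a new account. A value that looks pre-hashed
# ("{scheme}...") is refused so the server's password checking still applies.
make_user_ldif() {
    local uid=$1 password=$2
    case $uid in
        '' | *[!A-Za-z0-9._-]*) echo "bad uid" >&2; return 2 ;;
    esac
    case $password in
        '{'*'}'*) echo "pre-hashed value refused" >&2; return 3 ;;
    esac
    printf 'dn: uid=%s,%s\nchangetype: add\n' "$uid" "$BASE_DN"
    printf 'objectClass: %s\n' top person organizationalPerson inetOrgPerson
    ldif_line uid "$uid"; ldif_line cn "$uid"; ldif_line sn "$uid"
    ldif_line userPassword "$password"
}

# Sending it: -ZZ aborts unless StartTLS succeeds, -y reads the bind password
# from a file instead of the command line. Host, bind DN and file name are
# placeholders:
#   make_user_ldif jdoe "$PASS" |
#       ldapmodify -ZZ -H ldap://ldap.example.com \
#                  -D "cn=Directory Manager" -y /root/.dm_pw

make_user_ldif demo 'test123'   # constructed sample; prints the LDIF
```
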