Steven,
What version of 389 are you using?
You can import it using the ldif2db command line tools. Trying to add
it using ldapmodify is "not" importing an ldif. There are explicit
checks that do not allow adding a prehashed password when adding an
entry this way.
There is a new "Password Administrators" feature in 1.3.1, where a
"Password Admin" can add prehashed passwords using ldapmodify.
But for now, if you just use ldif2db/ldif2db.pl you can add that LDIF
without issue.
Regards,
Mark
On 03/08/2014 11:35 PM, Steven Crothers wrote:
Hello,
I'm trying to accomplish a poor man's replication from OpenDS from
Oracle/Sun. Basically the logic is as follows:
1. OpenDS is attached to our corporate IDM.
2. User is managed in OpenDS.
3. User updates information in OpenDS.
4. OpenDS read-replica is updated in our local read-slave.
5. Python script notices there was a change in our local read-slave.
6. Script isolates the change from our read-slave and sends the DNs to
   sync to my 389 (FreeIPA) server.
7. FreeIPA replica receives input over the network from notification
   agent which includes DNs.
8. DNs attributes are re-organized (OpenDS doesn't use anything logical,
   all 100% custom attributes/objectclasses).
9. DNs with re-organized attributes are inserted/updated in 389 server
   (FreeIPA), minus the updated SSHA password hash.
I get an error saying that adding pre-encoded passwords isn't allowed.
But, that makes me say "How the hell do you import an LDIF backup",
and frankly, I can't find anything on the subject (albeit, I
admittedly didn't quite know how to search this issue either).
I've never seen a server not accept pre-encoded password hashes (or at
least I don't recall this specific error in OpenDS/LDAP), so my
question is, how can I store the SSHA password hash from OpenDS in my
389 (FreeIPA) server?
Steven Crothers
steven.crothers@xxxxxxxxx
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Mark Reynolds
389 Development Team
Red Hat, Inc
mreynolds@xxxxxxxxxx
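
Added example, not part of the original thread or of 389/FreeIPA code: a Python check that a migrated {SSHA} value is structurally intact before it is written into an LDIF file meant for the ldif2db import path described above. It assumes the usual SSHA layout, base64(SHA1(password + salt) + salt), and ASCII-only DN and attribute values; the function names, DN and password are constructed for illustration.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # SSHA = salted SHA-1; stored value is base64(digest || salt)


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an {SSHA} value. Used here only to construct sample data."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def parse_ssha(value: str):
    """Split an {SSHA} value into (digest, salt); raise ValueError if malformed."""
    scheme, sep, b64 = value.partition("}")
    if not sep or scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    if len(raw) <= SHA1_LEN:
        raise ValueError("decoded value too short: digest without salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify_ssha(value: str, password: bytes) -> bool:
    """Constant-time check of a candidate password against an {SSHA} value."""
    digest, salt = parse_ssha(value)
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


def ldif_entry(dn: str, attrs: dict, ssha: str) -> str:
    """Render one LDIF record carrying the pre-hashed userPassword unchanged."""
    parse_ssha(ssha)  # refuse to emit a truncated or mangled hash
    lines = [f"dn: {dn}"]
    for name, values in attrs.items():
        lines += [f"{name}: {v}" for v in values]
    lines.append(f"userPassword: {ssha}")
    return "\n".join(lines) + "\n\n"


# Constructed sample data (not taken from the thread).
SAMPLE_HASH = make_ssha(b"correct horse", b"\x01\x02\x03\x04\x05\x06\x07\x08")
SAMPLE_LDIF = ldif_entry(
    "uid=jdoe,ou=people,dc=example,dc=com",
    {"objectClass": ["inetOrgPerson"], "uid": ["jdoe"], "cn": ["J Doe"], "sn": ["Doe"]},
    SAMPLE_HASH,
)

if __name__ == "__main__":
    print(SAMPLE_LDIF, end="")
```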