Thanks Mark, I located all of the relevant information. I’m in the middle of testing everything now. I appreciate your help! Relevant information for people who land here from some search: http://directory.fedoraproject.org/wiki/Password_Administrator On Mar 10, 2014, at 10:31 AM, Steven Crothers <steven.crothers@xxxxxxxxx> wrote: > I am indeed using 1.3.2, I’m going to research the “Password Administrators” feature myself. > > If you have the information on hand, that would be greatly appreciated. :) > > Thanks for setting me in the right direction! > > On Mar 10, 2014, at 10:25 AM, Mark Reynolds <mareynol@xxxxxxxxxx> wrote: > >> Steven, >> >> What version of 389 are you using? >> >> You can import it using the ldif2db command line tools. Trying to add it using ldapmodify is "not" importing an ldif. There are explicit checks that do not allow to add a prehashed password when adding an entry this way. >> >> There is a new "Password Administrators" feature in 1.3.1, where a "Password Admin" can add prehashed passwords using ldapmodify. >> >> But for now, if you just use ldif2db/ldif2db.pl you can add that LDIF without issue. >> >> Regards, >> Mark >> >> >> On 03/08/2014 11:35 PM, Steven Crothers wrote: >>> Hello, >>> >>> I'm trying to accomplish a poor mans replication from OpenDS from >>> Oracle/Sun. Basically the logic is as follows: >>> >>> OpenDS is attached to our corporate IDM. >>> User is managed in OpenDS. >>> User updates information in OpenDS. >>> OpenDS read-replica is updated in our local read-slave. >>> Python script notices there was a change in our local read-slave. >>> Script isolates the change from our read-slave and sends the DNs to >>> sync to my 389 (FreeIPA) server. >>> FreeIPA replica receives input over the network from notification >>> agent which includes DNs. >>> DNs attributes are re-organized (OpenDS doesn't use anything logical, >>> all 100% custom attributes/objectclasses). >>> DNs with re-organized attributes are inserted/updated in 389 server >>> (FreeIPA), minus the updated SSHA password hash. >>> >>> I get an error saying that adding pre-encoded passwords isn't allowed. >>> But, that makes me say "How the hell do you import an LDIF" backup, >>> and frankly, I can't find anything on the subject (albeit, I >>> admittedly didn't quite know how to search this issue either). >>> >>> I've never seen a server not accept pre-encoded password hashes (or at >>> least I don't recall this specific error in OpenDS/LDAP), so my >>> question is, how can I store the SSHA password hash from OpenDS in my >>> 389server (FreeIPA) server? >>> >>> Steven Crothers >>> steven.crothers@xxxxxxxxx >>> -- >>> 389 users mailing list >>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >>> https://admin.fedoraproject.org/mailman/listinfo/389-users >> >> -- >> Mark Reynolds >> 389 Development Team >> Red Hat, Inc >> mreynolds@xxxxxxxxxx >> > -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
