On 06/15/2017 07:48 AM, Blaz Kalan wrote:
> Hi,
>
> Sorry, I checked again and we use base64 coded passwords:
> userPassword:: e01ENX1VSnlnNGJSbmcxRlB1NE43ZFlWYkdnPT0=

The server always base64 encodes passwords - that is fine and expected

>
> what do you suggest in this case?
>
> But even if I try with md5, I get an error.
>
> ldif:
> dn: uid=mnadmin,ou=User,l=Kranj,c=SI
> uid: mnadmin
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: itUserOC
> description: Administrator
> sn: mnadmin
> cn: mnadmin
> userPassword: {MD5}CY9rzUYh03PK3k6DJie09g==
> structuralObjectClass: inetOrgPerson
> nsuniqueid: 2cec3dde-17dd-1035-945a-f5630028a5a6
> creatorsName: cn=ldapadmin,l=Kranj,c=SI
> createTimestamp: 20151105074714Z
> itUserLocked: FALSE
> itSuperUser: TRUE
> itPasswordExpire: 200504101330Z
> itLastLogin: 200504101330Z
> modifiersName: uid=mnadmin,ou=User,l=Kranj,c=SI
> modifyTimestamp: 20151105074859Z
>
>
> error:
> Error adding object 'dn: uid=mnadmin,ou=User,l=Kranj,c=SI'. The error sent by the server was 'Constraint violation. invalid password syntax - passwords with storage scheme are not allowed'.
> The object is: LDAPEntry: uid=mnadmin,ou=User,l=Kranj,c=SI; LDAPAttributeSet:
> LDAPAttribute {type='itsuperuser', values='TRUE'}
> LDAPAttribute {type='itlastlogin', values='200504101330Z'}
> LDAPAttribute {type='sn', values='mnadmin'}
> LDAPAttribute {type='userpassword', values='{MD5}CY9rzUYh03PK3k6DJie09g=='}
> LDAPAttribute {type='objectclass', values='inetOrgPerson,organizationalPerson,person,itUserOC'}
> LDAPAttribute {type='uid', values='mnadmin'}
> LDAPAttribute {type='ituserlocked', values='FALSE'}
> LDAPAttribute {type='modifytimestamp', values='20151105074859Z'}
> LDAPAttribute {type='modifiersname', values='uid=mnadmin,ou=User,l=Kranj,c=SI'}
> LDAPAttribute {type='nsuniqueid', values='2cec3dde-17dd-1035-945a-f5630028a5a6'}
> LDAPAttribute {type='createtimestamp', values='20151105074714Z'}
> LDAPAttribute {type='creatorsname', values='cn=ldapadmin,l=Kranj,c=SI'}
> LDAPAttribute {type='cn', values='mnadmin'}
> LDAPAttribute {type='itpasswordexpire', values='200504101330Z'}
> LDAPAttribute {type='description', values='Administrator'}
> LDAPAttribute {type='structuralobjectclass', values='inetOrgPerson'}.

Okay this is expected if you try and add a prehashed password as a regular user. So how are you adding these entries exactly? If you are using ldapmodify, then you need to bind as the directory manager to bypass these constraints. Or, import the entire user ldif using ldif2db which also bypasses these checks.

Regards,
Mark

>
> Thank you very much.
> BR,
> Blaz
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
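As an added example (not part of the original thread, and not 389 Directory Server code): a short Python check that decodes LDIF `userPassword` lines, including the `::` base64 form quoted above, and reports whether the value already carries a `{SCHEME}` prefix, which is the kind of value the server rejected with "passwords with storage scheme are not allowed". The function names `parse_ldif_value` and `inspect_password` are hypothetical, and only the unsalted `{MD5}` and `{SHA}` digest lengths are checked.

```python
import base64
import re

# RFC 2307-style "{SCHEME}payload" prefix on a stored password value.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.*)$", re.S)
# Raw digest sizes for the unsalted schemes checked here.
UNSALTED_DIGEST_LEN = {"MD5": 16, "SHA": 20}


def parse_ldif_value(line):
    """Return (attribute, value) for one LDIF line; 'attr:: ...' is base64."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an LDIF attribute line: %r" % line)
    if rest.startswith(":"):  # double colon: value is base64-encoded
        raw = base64.b64decode(rest[1:].strip(), validate=True)
        return attr.strip(), raw.decode("utf-8", errors="replace")
    return attr.strip(), rest.strip()


def inspect_password(line):
    """Describe a userPassword line, or return None for other attributes."""
    attr, value = parse_ldif_value(line)
    if attr.lower() != "userpassword":
        return None
    match = SCHEME_RE.match(value)
    if match is None:  # no scheme prefix: treated as a cleartext value
        return {"scheme": None, "prehashed": False,
                "unsalted": False, "well_formed": True}
    scheme, payload = match.group(1).upper(), match.group(2)
    expected = UNSALTED_DIGEST_LEN.get(scheme)
    well_formed = True
    if expected is not None:
        try:
            well_formed = len(base64.b64decode(payload, validate=True)) == expected
        except ValueError:  # binascii.Error subclasses ValueError
            well_formed = False
    return {"scheme": scheme, "prehashed": True,
            "unsalted": expected is not None, "well_formed": well_formed}


if __name__ == "__main__":
    # Both lines are quoted from the thread above.
    for sample in ("userPassword:: e01ENX1VSnlnNGJSbmcxRlB1NE43ZFlWYkdnPT0=",
                   "userPassword: {MD5}CY9rzUYh03PK3k6DJie09g=="):
        print(parse_ldif_value(sample)[1], inspect_password(sample))
```

Running it over an export before an import shows which entries hold pre-hashed values and which of those use an unsalted digest.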