passwordAdminDN help

Morgan Jones <morgan@xxxxxxxxxxxxxxx> · Tue, 28 Sep 2021 17:53:56 -0400

May I have a sanity check here?  I am attempting to add pre-hashed passwords to users.  If I’ve read the documentation correctly this should work.  I’ve also tried putting uid=selectivesync389,ou=svc_accts,dc=domain,dc=org directly in passwordAdminDN:

morgan@woodrow-2 ~ % ldapsearch -H ldaps://tstds21.domain.org -x -w pass -D cn=directory\ manager -LLLb cn=config -s base objectclass=\*  passwordAdminDN
dn: cn=config
passwordAdminDN: cn=Passwd Admins,ou=groups,dc=domain,dc=org

morgan@woodrow-2 ~ % 

morgan@woodrow-2 ~ % ldapsearch -H ldaps://tstds21.domain.org -x -w pass -D cn=directory\ manager -LLLb dc=domain,dc=org cn=passwd\ admins
dn: cn=Passwd Admins,ou=groups,dc=domain,dc=org
description: password admins
objectClass: top
objectClass: groupofuniquenames
cn: Passwd Admins
uniqueMember: uid=selectivesync389,ou=svc_accts,dc=domain,dc=org

morgan@woodrow-2 ~ %

morgan@woodrow-2 ~ % ldapmodify -a  -w pass -D uid=selectivesync389,ou=svc_accts,dc=domain,dc=org -H ldaps://tstds21.domain.org
dn: uid=zimbratest06,ou=employees,dc=domain,dc=org
changetype: modify
replace: userpassword
userpassword: {SHA}hrJ6x38+yn2LiTm1qqkGjNXAh8I=

modifying entry "uid=zimbratest06,ou=employees,dc=domain,dc=org"
ldap_modify: Constraint violation (19)
	additional info: invalid password syntax - passwords with storage scheme are not allowed

morgan@woodrow-2 ~ % 

We’re running 1.3.10 on CentOS 7.9:

[root@tstds21 morgan]# cat /etc/redhat-release 
CentOS Linux release 7.9.2009 (Core)
[root@tstds21 morgan]# rpm -qa|grep 389
389-adminutil-1.1.22-2.el7.x86_64
389-ds-base-1.3.10.2-10.el7_9.x86_64
389-ds-console-doc-1.2.16-1.el7.noarch
389-ds-base-libs-1.3.10.2-10.el7_9.x86_64
389-console-1.1.19-6.el7.noarch
389-ds-console-1.2.16-1.el7.noarch
389-dsgw-1.1.11-5.el7.x86_64
389-admin-console-1.1.12-1.el7.noarch
389-ds-1.2.2-6.el7.noarch
389-admin-console-doc-1.1.12-1.el7.noarch
389-admin-1.1.46-4.el7.x86_64
[root@tstds21 morgan]#

Am I missing something??  thank you!

-morgan
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure