Re: migrating users to openldap




On Fri, 29 Oct 2010 16:42:41 +0200 (CEST) "Alexander Dalloz"
<ad+lists@xxxxxxxxx> wrote

> <SNIP>
> 
> The PADL script blindly uses {crypt}, although the password encryption
> mechanism may be very different.
> 
> > thanks in advance for any tips you can share that will get this working!
> 
> Alexander
> 

I think Alexander is onto something here.  I just checked my default CentOS 5
installation and /etc/sysconfig/authconfig specifies that the passwords are
hashed using MD5, so there's a good chance yours is too.  We ran into a problem
with this when we migrated users to the Sun directory server (not my choice!). 
The {?} part of the userPassword field value specifies the hash method used, so
if OpenLDAP supports MD5 you may be able to just do a global search-and-replace
of '{crypt}' with '{MD5}'.  

OTOH, if the "*" you showed in the message was literal, you'll probably have to
do some additional work to retrieve the user's password from /etc/shadow and
plug that in instead.  You could just cobble up a script to generate a simple
LDIF file just to change the passwords if you don't want to alter the output of
the PADL scripts.  The format is pretty simple, just look at the ldapmodify man
page for hints.  Just scan through /etc/shadow and look for something with a
password <> "!!" and generate the LDIF to change that user's password.

Just my $.02!
--
Jay Leafey - Memphis, TN
jay.leafey@xxxxxxxxxxxx
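
The LDIF-from-/etc/shadow script suggested above could look like the following. This is an added example, not part of the original message; the base DN `ou=People,dc=example,dc=com`, the sample shadow lines, and the choice to keep each hash verbatim under `{crypt}` are assumptions.

```python
import re
import sys

# Hypothetical base DN; use the one your migration created the accounts under.
PEOPLE_BASE = "ou=People,dc=example,dc=com"

# Constructed sample in /etc/shadow format; the hash strings are made up.
SAMPLE_SHADOW = """\
root:$1$abcdefgh$0123456789abcdefghijkl:14911:0:99999:7:::
bin:*:14911:0:99999:7:::
newuser:!!:14911:0:99999:7:::
locked:!$1$abcdefgh$0123456789abcdefghijkl:14911:0:99999:7:::
alice:$1$ijklmnop$ABCDEFGHIJKLMNOPQRSTUV:14911:0:99999:7:::
"""

SAFE_USER = re.compile(r"^[a-z_][a-z0-9_.-]*$")   # no DN escaping needed
SAFE_HASH = re.compile(r"^[A-Za-z0-9./$=,]+$")    # crypt(3) alphabet, LDIF-safe

def usable_hash(field):
    """Return the hash from a shadow password field, or None if there is none."""
    # "", "*", "!!" and "!<hash>" all mean no password set or account locked.
    if not field or field[0] in "!*" or not SAFE_HASH.match(field):
        return None
    return field

def shadow_to_ldif(lines, base=PEOPLE_BASE):
    """Build ldapmodify input that replaces userPassword for each real hash."""
    records = []
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 2 or not SAFE_USER.match(parts[0]):
            continue
        pw_hash = usable_hash(parts[1])
        if pw_hash is None:
            continue
        records.append(
            f"dn: uid={parts[0]},{base}\n"
            "changetype: modify\n"
            "replace: userPassword\n"
            # Assumption: keep the crypt(3) string verbatim under {crypt}.
            f"userPassword: {{crypt}}{pw_hash}\n"
            "-\n"
        )
    return "\n".join(records)

if __name__ == "__main__":
    # Pass a shadow file path to convert it; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            print(shadow_to_ldif(fh), end="")
    else:
        print(shadow_to_ldif(SAMPLE_SHADOW.splitlines()), end="")
```

The output is input for ldapmodify and contains every account's password hash, so keep the file as tightly restricted as /etc/shadow itself and delete it once the change is applied.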


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

