That sounds reasonable, but it doesn't appear to work. Let me go into
the details a little more:
- FDS + Samba3 on one server, with users' passwords stored as SSHA
hashed values.
- New OpenLDAP install on a different server (used by other services on
that machine, and no, they won't play nice w/ an external LDAP server);
this server is also set up (already) to store passwords using SSHA.
- We want to copy the hashed password value from FDS and put it into
the OpenLDAP server as the userPassword attribute for the users;
however, the other server is using a different SHA seed, therefore when
it tries to compare the value entered by the user to the stored value
it fails (as it is using its own seed to re-hash the password and do
the comparison).

So that's where we stand. Currently we have been told to simply set all
users in the OpenLDAP to a default value and make them reset their
passwords on that server if they want to.

Mike Jackson wrote:

Robert r. Sanders wrote:

Yeah, but what I want to do is copy the HASH from one server to the
other.

In that case, you don't need to do anything.

If you have FDS set to do hashing in SSHA, and you send a cleartext
string as a userPassword modify, then FDS SSHA hashes it for you.

If you send a string prefixed with {SSHA} as a userPassword modify, FDS
does not hash it for you.
--
mike
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Robert r. Sanders
Chief Technologist
iPOV
(334) 821-5412
www.ipov.net