I am indeed using 1.3.2, I’m going to research the “Password Administrators” feature myself.
If you have the information on hand, that would be greatly appreciated. :) Thanks for setting me in the right direction! On Mar 10, 2014, at 10:25 AM, Mark Reynolds <[email protected]> wrote: > Steven, > > What version of 389 are you using? > > You can import it using the ldif2db command line tools. Trying to add it > using ldapmodify is "not" importing an ldif. There are explicit checks that > do not allow to add a prehashed password when adding an entry this way. > > There is a new "Password Administrators" feature in 1.3.1, where a "Password > Admin" can add prehashed passwords using ldapmodify. > > But for now, if you just use ldif2db/ldif2db.pl you can add that LDIF without > issue. > > Regards, > Mark > > > On 03/08/2014 11:35 PM, Steven Crothers wrote: >> Hello, >> >> I'm trying to accomplish a poor mans replication from OpenDS from >> Oracle/Sun. Basically the logic is as follows: >> >> OpenDS is attached to our corporate IDM. >> User is managed in OpenDS. >> User updates information in OpenDS. >> OpenDS read-replica is updated in our local read-slave. >> Python script notices there was a change in our local read-slave. >> Script isolates the change from our read-slave and sends the DNs to >> sync to my 389 (FreeIPA) server. >> FreeIPA replica receives input over the network from notification >> agent which includes DNs. >> DNs attributes are re-organized (OpenDS doesn't use anything logical, >> all 100% custom attributes/objectclasses). >> DNs with re-organized attributes are inserted/updated in 389 server >> (FreeIPA), minus the updated SSHA password hash. >> >> I get an error saying that adding pre-encoded passwords isn't allowed. >> But, that makes me say "How the hell do you import an LDIF" backup, >> and frankly, I can't find anything on the subject (albeit, I >> admittedly didn't quite know how to search this issue either). >> >> I've never seen a server not accept pre-encoded password hashes (or at >> least I don't recall this specific error in OpenDS/LDAP), so my >> question is, how can I store the SSHA password hash from OpenDS in my >> 389server (FreeIPA) server? >> >> Steven Crothers >> [email protected] >> -- >> 389 users mailing list >> [email protected] >> https://admin.fedoraproject.org/mailman/listinfo/389-users > > -- > Mark Reynolds > 389 Development Team > Red Hat, Inc > [email protected] > -- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
