Thanks Mark, I located all of the relevant information. I’m in the middle of testing everything now.
I appreciate your help! Relevant information for people who land here from some search: http://directory.fedoraproject.org/wiki/Password_Administrator On Mar 10, 2014, at 10:31 AM, Steven Crothers <[email protected]> wrote: > I am indeed using 1.3.2, I’m going to research the “Password Administrators” > feature myself. > > If you have the information on hand, that would be greatly appreciated. :) > > Thanks for setting me in the right direction! > > On Mar 10, 2014, at 10:25 AM, Mark Reynolds <[email protected]> wrote: > >> Steven, >> >> What version of 389 are you using? >> >> You can import it using the ldif2db command line tools. Trying to add it >> using ldapmodify is "not" importing an ldif. There are explicit checks that >> do not allow to add a prehashed password when adding an entry this way. >> >> There is a new "Password Administrators" feature in 1.3.1, where a "Password >> Admin" can add prehashed passwords using ldapmodify. >> >> But for now, if you just use ldif2db/ldif2db.pl you can add that LDIF >> without issue. >> >> Regards, >> Mark >> >> >> On 03/08/2014 11:35 PM, Steven Crothers wrote: >>> Hello, >>> >>> I'm trying to accomplish a poor mans replication from OpenDS from >>> Oracle/Sun. Basically the logic is as follows: >>> >>> OpenDS is attached to our corporate IDM. >>> User is managed in OpenDS. >>> User updates information in OpenDS. >>> OpenDS read-replica is updated in our local read-slave. >>> Python script notices there was a change in our local read-slave. >>> Script isolates the change from our read-slave and sends the DNs to >>> sync to my 389 (FreeIPA) server. >>> FreeIPA replica receives input over the network from notification >>> agent which includes DNs. >>> DNs attributes are re-organized (OpenDS doesn't use anything logical, >>> all 100% custom attributes/objectclasses). >>> DNs with re-organized attributes are inserted/updated in 389 server >>> (FreeIPA), minus the updated SSHA password hash. >>> >>> I get an error saying that adding pre-encoded passwords isn't allowed. >>> But, that makes me say "How the hell do you import an LDIF" backup, >>> and frankly, I can't find anything on the subject (albeit, I >>> admittedly didn't quite know how to search this issue either). >>> >>> I've never seen a server not accept pre-encoded password hashes (or at >>> least I don't recall this specific error in OpenDS/LDAP), so my >>> question is, how can I store the SSHA password hash from OpenDS in my >>> 389server (FreeIPA) server? >>> >>> Steven Crothers >>> [email protected] >>> -- >>> 389 users mailing list >>> [email protected] >>> https://admin.fedoraproject.org/mailman/listinfo/389-users >> >> -- >> Mark Reynolds >> 389 Development Team >> Red Hat, Inc >> [email protected] >> > -- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
