On Mon, 2014-05-12 at 09:11 +0200, Martin Kosek wrote:
> 1) Get fbar1;s b64 encoded password hash:
> 
> # ldapsearch -Y EXTERNAL -H ldapi://%2fvar%2frun%
> 2fslapd-EXAMPLE-COM.socket -b
> 'uid=fbar1,cn=users,cn=accounts,dc=example,dc=com' userPassword

This seems to work great. I used user 'admin'. I assume this is the same
admin user.

1) Is this command something that is stable for use in scripting, or is
there a more machine-readable recommended way?

2) How can I compute/compare that hash to my password string? password I
selected is 'password'. :)

Thanks again!

Output is:

[root@ipa ~]# ldapsearch -Y EXTERNAL -H ldapi://%2fvar%2frun%
2fslapd-EXAMPLE-COM.socket -b
'uid=admin,cn=users,cn=accounts,dc=example,dc=com' userPassword
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <uid=admin,cn=users,cn=accounts,dc=example,dc=com> with scope
subtree
# filter: (objectclass=*)
# requesting: userPassword 
#

# admin, users, accounts, example.com
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
userPassword::
e1NTSEF9cjc0OGc3ZThnY1FsWVpwVFNqWU8yMDAreTF2WEZNRjVUSXBQV3c9PQ=
 =

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@ipa ~]# 

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to