> So if I understand the 389-ds ticket correctly, I can add pre-hashed passwords
> via ldapmodify to the 389 server using directory manager as the bind dn? I
> just can't use the ipa command line tool/script.

The short answer is "no". Trying to add the userPassword attribute with 
ldapmodify binding as "cn=directory manager" fails with operation error.

Error log attached to the ticket Rob made: 

To summarize:

No password migration via "ipa migrate-ds"; No password migration via "ipa 
user-add --setattr userPassword={SHA}..."; No password migration via 
'ldapmodify -D "cn=directory manager"'. Do you think a solution will be 
forthcoming, or is it a ways off? I can leave my old ldap directory up for a 
little while.


This electronic message contains information generated by the USDA solely for 
the intended recipients. Any unauthorized interception of this message or the 
use or disclosure of the information it contains may violate the law and 
subject the violator to civil or criminal penalties. If you believe you have 
received this message in error, please notify the sender and delete the email 

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to