On 09/22/2014 02:23 PM, Ron wrote:
We would like to add some users that are currently in the
password/shadow files on some servers into IPA.

Is there any way to copy (preferably via a script) the encrypted
password into IPA so that we do not have to have them reset their

Our idea is to use the "IPA  user-add" command to create the user then
insert their encrypted password into their IPA entry.


The most probably answer is no since the hash types would not match between what you have in the files and what LDAP server expects. If you by any chance configured your files to use other hashes than default it might match. You can go the other way and reconfigure the LDAP server but AFAIR it is not recommended. The user-add command would not work anyways as it does not accept hash as an input. Or I should say it would allow you to add users without passwords in a script. You can set a random password, send it to account owner in a script and make account owners to change passwords (default) on the first use.

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to