Re: [lsc-users] LSC - Cleaning LDAP

Sun, 01 Mar 2020 10:08:11 -0800 

Le 28/02/2020 à 15:39, Forster Arnaud, Gymnase francais a écrit :
>
> Last problem ... I hope  :)
>
> Using my existing LDAP, I have to create several values for different
> entries for my users:
>
> Here's a 'normal' entry made by the system :
>
>     userPassword: {sha}bH5qQNPEqIDVs4mzBddiea88OFg=
>     clearSHAPassword: {sha}bH5qQNPEqIDVs4mzBddiea88OFg=
>     clearSHA1Password: 6c7e6a40d3c4a880d5b389b305d76279af3c3858
>     clearMicrosoftNTPassword: DD307203909F8D357CDD95984BDD35CF
>     sambaNTPassword: DD307203909F8D357CDD95984BDD35CF
>
> I'm able to create all these entries using the LSC <SecurityUtils.xxx>
> tool except the one for the clearSHA1clearSHA1Password
>
> for the userpassword and the clearSHAPassword, I do the following :
>
>    
> <string>"{SHA}"+SecurityUtils.hash(SecurityUtils.HASH_SHA1,srcBean.getDatasetFirstValueById("uid"))</string>
>
> and for the clearMicrosoftNTPassword and the sambaNTPassword this :
>
>   
> <string>SecurityUtils.computeSambaNTPassword(srcBean.getDatasetFirstValueById("uid"))</string>
>
> With that, I'm able to login using a MAC computer and able to connect
> to my ldap web console. But once connected, if i'm trying to change
> the password, I first have to introduce my current password and there
> I get the following error : password  not correct ! Difficult to
> understand because I was able to login ...
>
> I imagine this because my clearSHA1Password entry is not correct.
>
> According to the attribute, I thought that the password was the SHA1
> crypting but not.
>
> do you have an idea on which value I could use to crypt my password
> for that attribute ?
>

Hello,

as far a I know, SHA and SHA1 are the same thing. I don't understand why
you have 2 different attributes (clearSHAPassword / clearSHA1Password)

Now your issue is when you change the password,bu with which tool do you
change it? What checks are done by this tool?


-- 
Clément Oudot | Identity Solutions Manager

[email protected]

Worteks | https://www.worteks.com


_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users

Reply via email to