That doesn't really look like a "crypt"ed password. Do you know what format it is in? slapd supports numerous encryption schemes.
On Fri, Oct 11, 2013 at 4:19 PM, jupiter <[email protected]> wrote:
> Thanks Chad for your response. Let me clarify the question:
>
> I have old LDAP AD password encrypted in unixUserPassword:
>
> unixUserPassword: CNRP!efgh12345$67899
>
> How can I use the encrypted password in unixUserPassword format to
> userPassword?
>
> If I tried to add the unixUserPassword to an ldif file:
>
> dn: xxxxxxxxx
> changetype: modify
> replace: userPassword
> userPassword: {crypt}CNRP!efgh12345$67899
>
> Then run the command ldapmodify, it did not work, because it is simply
> that the encrypted password "CNRP!efgh12345$67899" from
> unixUserPassword is not the {crypt} format (I have no idea what the
> format for the unixUserPassword is)
>
> I have searched openldap document and Internet, could not find answer
> for what type of the encryption used in unixUserPassword and how could
> I convert the password in unixUserPassword to userPassword in an ldif
> file. Appreciate any advice and helps.
>
> Thank you.
>
> Kind regards,
>
> jupiter
>
>
> On 10/12/13, Chad Scott <[email protected]> wrote:
> > If I'm understanding your question, you need to base64 encode "{crypt}"
> > followed by the old, encrypted value.
> >
> > You can avoid the base64 by using just one colon in your LDIF add.
> >
> >> On Oct 11, 2013, at 3:51, jupiter <[email protected]> wrote:
> >>
> >> Hi,
> >>
> >> I am migrating user account entries from an old openldap AD to
> >> openldap BDB. Both LDAP client authentications are implemented in
> >> Linux, the former in CentOS 5, and the latter in CentOS 6.
> >>
> >> But the major problem is that the old openldap AD uses encrypted
> >> password in "unixUserPassword:" while the openldap BDB uses base64
> >> "userPassword::".
> >>
> >> The option for solution I could think of are:
> >>
> >> (a) Convert the encrypted password from unixUserPassword format to
> >> userPassword, then I can use ldapmodify to change userPassword. Is it
> >> possible? If it is, appreciate more details.
> >>
> >> (b) Change LDAP client authentication to use unixUserPassword. I
> >> haven't found any document to configure Linux client authentication to
> >> use unixUserPassword.
> >>
> >> In fact, I could not find any document regarding details of using
> >> unixUserPassword. Any suggestions, tips and advice are very much
> >> appreciated.
> >>
> >> Thank you.
> >>
> >> Kind regards,
> >>
> >> jupiter
> >>
> >> Sorry for asking a non-dev question, but I could not find any solution
> >> from openldap document, nor from Internet searching.
> >>
> >> Thank you and appreciate any advice.
> >>
> >> Kind regards,
> >>
> >> jupiter
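
The check discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP code: it reads a userPassword LDIF line in either the plain ("attr: ") or base64 ("attr:: ") form and reports whether a {crypt} value has the shape of a crypt(3) hash. The function names and result labels are assumptions made for this sketch, the shape test is a heuristic, and the 13-character value in the test is constructed.

```python
import base64
import re

CRYPT_CHARS = re.compile(r"[./0-9A-Za-z]+")         # crypt(3) hash alphabet
SCHEME = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.*)$")  # e.g. {CRYPT}..., {SSHA}...


def parse_ldif_value(line):
    """Split one LDIF line into (attribute, value); 'attr::' marks base64."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an LDIF attribute line")
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return attr, rest.strip()


def to_ldif_base64(attr, value):
    """Render the same value in the base64 'attr:: ' form."""
    return attr + ":: " + base64.b64encode(value.encode()).decode()


def classify(value):
    """Heuristic shape check of a userPassword value (does not verify a hash)."""
    m = SCHEME.match(value)
    if not m:
        return "cleartext"            # no {SCHEME} prefix on the value
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return "scheme:" + scheme
    if len(body) == 13 and CRYPT_CHARS.fullmatch(body):
        return "crypt-des"            # traditional: 2-char salt + 11-char hash
    fields = body.split("$")          # modular: $id$[params$]salt$hash
    if (fields[0] == "" and len(fields) in (4, 5)
            and re.fullmatch(r"[0-9a-z]+", fields[1])
            and CRYPT_CHARS.fullmatch(fields[-1])):
        return "crypt-modular"
    return "crypt-malformed"


if __name__ == "__main__":
    plain = "userPassword: {crypt}CNRP!efgh12345$67899"   # line from the thread
    attr, value = parse_ldif_value(plain)
    for line in (plain, to_ldif_base64(attr, value)):
        a, v = parse_ldif_value(line)
        print(a, v, classify(v))
```

Both forms of the line decode to the same value, and that value is reported as crypt-malformed: it is 20 characters long and contains "!", which is outside the crypt(3) alphabet.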
