Hi Chad,

On 10/12/13, Chad Scott <[email protected]> wrote:
> That doesn't really look like a "crypt"ed password. Do you know what format
> it is in? slapd supports numerous encryption schemes.

I don't know what encryption type is used for unixUserPassword, and I could
not find it by searching the Internet either. I got it from an openldap server
using a Microsoft Active Directory database. I have been trying to check
slappasswd with different encryption types (MD5, etc.), but no luck.

>
> On Fri, Oct 11, 2013 at 4:19 PM, jupiter <[email protected]> wrote:
>
>> Thanks Chad for your response. Let me clarify the question:
>>
>> I have an old LDAP AD password encrypted in unixUserPassword:
>>
>> unixUserPassword: CNRP!efgh12345$67899
>>
>> How can I use the encrypted password in unixUserPassword format to
>> userPassword?
>>
>> If I tried to add the unixUserPassword to an ldif file:
>>
>> dn: xxxxxxxxx
>> changetype: modify
>> replace: userPassword
>> userPassword: {crypt}CNRP!efgh12345$67899
>>
>> Then run the command ldapmodify, it did not work, because it is simply
>> that the encrypted password "CNRP!efgh12345$67899" from
>> unixUserPassword is not the {crypt} format (I have no idea what the
>> format for the unixUserPassword is)
>>
>> I have searched openldap document and Internet, could not find answer
>> for what type of the encryption used in unixUserPassword and how could
>> I convert the password in unixUserPassword to userPassword in an ldif
>> file. Appreciate any advice and help.
>>
>> Thank you.
>>
>> Kind regards,
>>
>> jupiter
>>
>>
>> On 10/12/13, Chad Scott <[email protected]> wrote:
>> > If I'm understanding your question, you need to base64 encode "{crypt}"
>> > followed by the old, encrypted value.
>> >
>> > You can avoid the base64 by using just one colon in your LDIF add.
>> >
>> >> On Oct 11, 2013, at 3:51, jupiter <[email protected]> wrote:
>> >>
>> >> Hi,
>> >>
>> >> I am migrating user account entries from an old openldap AD to
>> >> openldap BDB. Both LDAP client authentications are implemented in
>> >> Linux, the former in CentOS 5, and the latter in CentOS 6.
>> >>
>> >> But the major problem is that the old openldap AD uses encrypted
>> >> password in "unixUserPassword:" while the openldap BDB uses base64
>> >> "userPassword::".
>> >>
>> >> The options for a solution I could think of are:
>> >>
>> >> (a) Convert the encrypted password from unixUserPassword format to
>> >> userPassword, then I can use ldapmodify to change userPassword. Is it
>> >> possible? If it is, appreciate more details.
>> >>
>> >> (b) Change LDAP client authentication to use unixUserPassword. I
>> >> haven't found any document to configure Linux client authentication to
>> >> use unixUserPassword.
>> >>
>> >> In fact, I could not find any document regarding details of using
>> >> unixUserPassword. Any suggestions, tips and advice are very much
>> >> appreciated.
>> >>
>> >> Thank you.
>> >>
>> >> Kind regards,
>> >>
>> >> jupiter
>> >>
>> >> Sorry for asking a non-dev question, but I could not find any solution
>> >> from openldap document, nor from Internet searching.
>> >>
>> >> Thank you and appreciate any advice.
>> >>
>> >> Kind regards,
>> >>
>> >> jupiter
>> >>
>> >
>> >
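
The two points raised in the thread (whether the stored value has the shape of a crypt(3) hash at all, and the one-colon versus two-colon LDIF forms), as an added example that is not part of the original messages and is not OpenLDAP code. The set of hash shapes is an assumption about what the target host's crypt() accepts; the DN and the DES-shaped sample are constructed.

```python
import base64
import re

# Shapes of common crypt(3) outputs (assumed set; what is accepted depends on
# the libc of the host running slapd).
CRYPT_SHAPES = {
    "des": re.compile(r"[./0-9A-Za-z]{13}"),
    "md5": re.compile(r"\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}"),
    "sha256": re.compile(r"\$5\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{43}"),
    "sha512": re.compile(r"\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}"),
}

def crypt_shape(value):
    """Return the name of the crypt(3) format the value matches, or None."""
    for name, pattern in CRYPT_SHAPES.items():
        if pattern.fullmatch(value):
            return name
    return None

def ldif_attr(name, value):
    """Render one LDIF line per RFC 2849: plain 'name: value' when the value
    is a SAFE-STRING, otherwise 'name:: <base64>'."""
    raw = value.encode("utf-8")
    safe = (
        all(b < 128 and b not in (0, 10, 13) for b in raw)
        and raw[:1] not in (b" ", b":", b"<")
        and not raw.endswith(b" ")
    )
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"

def userpassword_modify(dn, stored):
    """Build an ldapmodify record, refusing values that are not crypt(3) hashes."""
    if crypt_shape(stored) is None:
        raise ValueError("value does not match a known crypt(3) format")
    return "\n".join([
        ldif_attr("dn", dn),
        "changetype: modify",
        "replace: userPassword",
        ldif_attr("userPassword", "{crypt}" + stored),
        "-",
    ]) + "\n"

PAGE_VALUE = "CNRP!efgh12345$67899"   # the unixUserPassword value quoted in the thread
CONSTRUCTED_DES = "abJnggxhB/yWI"     # constructed sample, shaped like a DES crypt hash
if __name__ == "__main__":
    print(crypt_shape(PAGE_VALUE))    # the thread's value matches none of the shapes
    print(userpassword_modify("uid=test,dc=example,dc=com", CONSTRUCTED_DES))
```

A value that matches none of the shapes, like the one in the thread, cannot be carried over by prefixing {crypt}, whichever LDIF form is used.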
