I'm working here on some way to migrate a passwd+shadow file to openldap
only and am running into problems for authentication. I've used tools to
import the contents of the files up but that isn't any use for using
pam_ldap as the openldap password is different to the login ones. The
problem appears to be that to authenticate, the client needs to be able to
bind to the server and for that, it needs to bind as the user. Thing is
shadow passwords and openldap passwords aren't the same so it doesn't
work.
Does anyone know what needs to be done so that either
a) pam_ldap can send an encrypted password to the openldap server which
compares it to userPassword and returns true/false allowing someone to
log in or
b) Migrating the passwd file in such a way that a persons ldap password is
the same as their login password. for this, the migrate_passwd tool is
not he answer. When I imported the encrypted password with {crypt} in
front of it, it didn't work. I suspect because the shadow passwords are md5
Copious amounts of googling have only showed people with similar problems
and much fiddling around has yielded nothing :-/ . Resetting everyones
password is not an option :-)
--
Mel
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
