LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Moving authentication to LDAP

[ILUG] Moving authentication to LDAP

Martin Feeney martin at tuatha.org
Thu Jan 31 16:02:41 GMT 2002 

On Thu, 31 Jan 2002 15:15:32 Mel wrote:

> > Try migrating the passwd file to an ldif.  Edit the produced ldif and
> > substitute all instances of {crypt} with {md5}.  Then import that ldif.

> Tried that already. both with base64 encoding and without. I still get
> invalid credentials when I try to bind as a user with the old login
> password

OK.  I just did something similar.  I left it as {crypt}, didn't bother 
base64 encoding.  Iadded the user to my ldap database (and removed it from 
/etc/passwd) then I logged in with the old password just fine.

If the userPassword starts with $1$ then it's an md5, but setting the 
scheme to {crypt} means ldap will use the crypt(3) function to compare 
passwords - this recognises the $1$ as signifying  md5 and the next 8 
chars as the salt.

I've only installed libnss_ldap and changed nsswitch.conf to use ldap - I 
can login directly and ssh to the machine verifying against ldap.

ldapsearch works for me, but without the need for a passphrase, or even 
the binddn.  Make sure you're using simple authentication (-x) or have 
ldap set up correctly with TLS/SASL.

To give some examples (I don't have SASL set up yet):

$ ldapsearch -D "uid=mbf,..." -W
Enter LDAP password: <enter correct password"
ldap_sasl_interactive_bind_s: No such attribute

$ ldapsearch -D "uid=mbf,..." -W -x
Enter LDAP password: <enter correct password"
<big ldap database dump>

$ ldapsearch -D "uid=mbf,..." -W -x
Enter LDAP password: <enter incorrect password"
ldap_bind: Invalid credentials

$ ldapsearch -x
<big ldap database dump>

$ ldapsearch -D "uid=mbf,..." -x
<big ldap database dump>

I hope some of this helps.

Martin.

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell