On 06/15/2017 07:48 AM, Blaz Kalan wrote:
Hi,
Sorry, I checked again and we use base64 coded passwords:
userPassword:: e01ENX1VSnlnNGJSbmcxRlB1NE43ZFlWYkdnPT0=
The server always base64 encodes passwords - that is fine and expected
What do you suggest in this case?
But even if I try with md5, I get an error.
ldif:
dn: uid=mnadmin,ou=User,l=Kranj,c=SI
uid: mnadmin
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: itUserOC
description: Administrator
sn: mnadmin
cn: mnadmin
userPassword: {MD5}CY9rzUYh03PK3k6DJie09g==
structuralObjectClass: inetOrgPerson
nsuniqueid: 2cec3dde-17dd-1035-945a-f5630028a5a6
creatorsName: cn=ldapadmin,l=Kranj,c=SI
createTimestamp: 20151105074714Z
itUserLocked: FALSE
itSuperUser: TRUE
itPasswordExpire: 200504101330Z
itLastLogin: 200504101330Z
modifiersName: uid=mnadmin,ou=User,l=Kranj,c=SI
modifyTimestamp: 20151105074859Z
error:
Error adding object 'dn: uid=mnadmin,ou=User,l=Kranj,c=SI'. The error sent by
the server was 'Constraint violation. invalid password syntax - passwords with storage
scheme are not allowed'. The object is: LDAPEntry: uid=mnadmin,ou=User,l=Kranj,c=SI;
LDAPAttributeSet: LDAPAttribute {type='itsuperuser', values='TRUE'}
LDAPAttribute {type='itlastlogin', values='200504101330Z'} LDAPAttribute
{type='sn', values='mnadmin'} LDAPAttribute {type='userpassword',
values='{MD5}CY9rzUYh03PK3k6DJie09g=='} LDAPAttribute {type='objectclass',
values='inetOrgPerson,organizationalPerson,person,itUserOC'} LDAPAttribute
{type='uid', values='mnadmin'} LDAPAttribute {type='ituserlocked',
values='FALSE'} LDAPAttribute {type='modifytimestamp',
values='20151105074859Z'} LDAPAttribute {type='modifiersname',
values='uid=mnadmin,ou=User,l=Kranj,c=SI'} LDAPAttribute
{type='nsuniqueid', values='2cec3dde-17dd-1035-945a-f5630028a5a6'}
LDAPAttribute {type='createtimestamp', values='20151105074714Z'}
LDAPAttribute {
type='creatorsname', values='cn=ldapadmin,l=Kranj,c=SI'} LDAPAttribute
{type='cn', values='mnadmin'} LDAPAttribute
{type='itpasswordexpire', values='200504101330Z'} LDAPAttribute
{type='description', values='Administrator'} LDAPAttribute
{type='structuralobjectclass', values='inetOrgPerson'}.
Okay this is expected if you try and add a prehashed password as a
regular user. So how are you adding these entries exactly?
If you are using ldapmodify, then you need to bind as the directory
manager to bypass these constraints. Or, import the entire user ldif
using ldif2db which also bypasses these checks.
Regards,
Mark
Thank you very much.
BR,
Blaz
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
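
The check discussed in this thread can be run over an LDIF before import. The following is an added example, not part of the original messages or of 389 Directory Server: it lists entries whose userPassword already carries a {SCHEME} prefix, whether written plainly or base64-wrapped after "::". The function names and the user2/user3 entries are constructed for illustration.

```python
import base64
import re

# Constructed sample: the first entry uses the value quoted in the thread, the
# second wraps a hashed value in base64 and folds it per LDIF continuation rules.
SAMPLE_LDIF = """\
dn: uid=mnadmin,ou=User,l=Kranj,c=SI
userPassword: {MD5}CY9rzUYh03PK3k6DJie09g==

dn: uid=user2,ou=User,l=Kranj,c=SI
userPassword:: e01ENX1VSnlnNGJSbmcxRlB1
 NE43ZFlWYkdnPT0=

dn: uid=user3,ou=User,l=Kranj,c=SI
userPassword: example-cleartext
"""

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def prehashed_passwords(ldif_text):
    """Return (dn, scheme) for each userPassword carrying a {SCHEME} prefix."""
    hits, dn = [], None
    for line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator line between entries
        if value.startswith(":"):  # "attr:: value" means a base64-wrapped value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword":
            m = SCHEME_RE.match(value)
            if m:
                hits.append((dn, m.group(1).upper()))
    return hits
```

Entries it reports are the ones that, per the reply above, must be added while bound as the directory manager or imported with ldif2db.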