From owner-freebsd-stable Tue Jul 23 14:29:24 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E076037B400 for ; Tue, 23 Jul 2002 14:29:21 -0700 (PDT) Received: from msn166-109.med.und.nodak.edu (msn166-109.med.und.NoDak.edu [134.129.166.109]) by mx1.FreeBSD.org (Postfix) with ESMTP id 79C2943E42 for ; Tue, 23 Jul 2002 14:29:21 -0700 (PDT) (envelope-from bp@barryp.org) Received: from geo.med.und.nodak.edu ([134.129.166.11] helo=barryp.org) by msn166-109.med.und.nodak.edu with esmtp (TLSv1:RC4-MD5:128) (Exim 4.03) id 17X7Db-000BJC-00; Tue, 23 Jul 2002 16:29:19 -0500 Message-ID: <3D3DCAA5.8060507@barryp.org> Date: Tue, 23 Jul 2002 16:29:09 -0500 From: Barry Pederson User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Mike Gratton Cc: freebsd-stable Subject: Re: openldap pwd/auth broken after upgrade to 4.6-STABLE References: <3D3D9A91.4040300@vee.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Mike Gratton wrote: > > Guys, > > Has anyone else encountered problems with OpenLDAP passwords and > authentication after upgrading to -STABLE a few weeks ago? > > After upgrading, and modifying a userPassword attribute, I'm getting > garbage back from the userPassword value, and I cannot bind to the > server as these users (although I can bind as the rootdn, which I > suspect is because I specify the rootdn's password in slapd.conf). > > Normally, using ldapsearch, the userPassword values look like: > > userPassword: {crypt}$1$C8ZLaata$AoZs/vKQuTma0Kquep5UH > > but now they look like: > > userPassword:: e2NyeXB0fSQxJE1PTjlsR0VxJDh3d1FEaW5tT1F5lWJKcFIwOW4yOS8= > > Note the double colon "::" and the bizzare looking value. The double-colon bit indicates that OpenLDAP encoded the attribute value as base-64. If you base-64 decode that value "e2Nye...." you'll get back something more like what you were expecting: {crypt}$1$MON9lGEq$8wwQDinmOQy\x95bJpR09n29/ Not sure why you can't bind as a user, but that's almost certainly an OpenLDAP issue, and nothing to do with your FreeBSD update. Barry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message