Date: Tue, 23 Jul 2002 16:29:09 -0500 From: Barry Pederson <bp@barryp.org> To: Mike Gratton <mike@vee.net> Cc: freebsd-stable <freebsd-stable@FreeBSD.ORG> Subject: Re: openldap pwd/auth broken after upgrade to 4.6-STABLE Message-ID: <3D3DCAA5.8060507@barryp.org> References: <3D3D9A91.4040300@vee.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Gratton wrote:
>
> Guys,
>
> Has anyone else encountered problems with OpenLDAP passwords and
> authentication after upgrading to -STABLE a few weeks ago?
>
> After upgrading, and modifying a userPassword attribute, I'm getting
> garbage back from the userPassword value, and I cannot bind to the
> server as these users (although I can bind as the rootdn, which I
> suspect is because I specify the rootdn's password in slapd.conf).
>
> Normally, using ldapsearch, the userPassword values look like:
>
> userPassword: {crypt}$1$C8ZLaata$AoZs/vKQuTma0Kquep5UH
>
> but now they look like:
>
> userPassword:: e2NyeXB0fSQxJE1PTjlsR0VxJDh3d1FEaW5tT1F5lWJKcFIwOW4yOS8=
>
> Note the double colon "::" and the bizzare looking value.
The double-colon bit indicates that OpenLDAP encoded the attribute value as
base-64. If you base-64 decode that value "e2Nye...." you'll get back
something more like what you were expecting:
{crypt}$1$MON9lGEq$8wwQDinmOQy\x95bJpR09n29/
Not sure why you can't bind as a user, but that's almost certainly an
OpenLDAP issue, and nothing to do with your FreeBSD update.
Barry
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D3DCAA5.8060507>