08-05-2012, 02:49 PM
Grzegorz Dwornicki

how to generate the userpassword

You can use the GUI. Just edit the user account and type the new password. The directory server should encrypt it before updating the entry in the database.

If you use slappasswd without any parameters it will ask for a password and generate a sha1 hash for you. To use crypt you need to set the format to crypt and set a proper salt.

I should have an example script using slappasswd on my PC; I wrote it some time ago. I can't post it now because at the moment I'm on the bus. If no one posts an example of using slappasswd then I will later, unless you find a solution first.

Greg.

Sent from HTC Desire Z

On 05-08-2012 15:34, "Fosiul Alam" <fosiul@gmail.com> wrote:
> Hi
> Thanks for the reply.
> I am using Directory Server 389
>
> and I am using a script to create the ldif file.
>
> So somehow I will have to create userpassword ..
>
> But I don't understand .. what's the way to do that?
> From the GUI interface I can create a password easily,
> so what's the syntax to create userpassword ??
>
> Regards
>
> On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
> <christopher_wood@pobox.com> wrote:
> > Perhaps use slappasswd?
> >
> > On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
> >> Hi
> >> I am generating the ldif by script,
> >> but I can't understand how I will generate the userpassword.
> >>
> >> userPassword: {crypt}x
> >>
> >> How is this crypt or hash working?
> >>
> >> Please give me some light on this.
> >>
> >> Regards
>
> --
> Regards
> Fosiul Alam
> 07877100621
> http://www.fosiul.co.uk
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
08-05-2012, 02:55 PM
Fosiul Alam

how to generate the userpassword

Hi, thanks.
I can't use the GUI as the script should take care of everything.
I think it would be sha1.
I will try to find a solution; if I can't, please post your script here.

It would be really helpful.
Thanks


 
08-05-2012, 05:29 PM
Grzegorz Dwornicki

how to generate the userpassword

Here it is. I was using it to change passwords on openldap + samba using ldap. Samba has its own password attribute. This script takes a password from the user, encrypts it with crypt + calls smbpasswd to set the password as well.

$ cat sambaldapnewpass
#!/bin/bash

BASEDN="dc=org1,dc=county"
USERDN="dc=domain1"
BASEDIR=/home/lol87

# login LDAP format: uid=$LOGIN,$USERDN,$BASEDN

# take the login from the first argument, or ask for it
if [ -z "$1" ];
then
    echo "Login"
    read -r LOGIN
else
    LOGIN=$1
fi

# ask user for password (twice, with terminal echo switched off):
stty -echo

PASS=s
PASS2=w

while [ "$PASS" != "$PASS2" ];
do
    echo "new password:"
    read -r PASS
    echo "repeat new password:"
    read -r PASS2
done

stty echo

# create the temporary files readable by the owner only;
# slappasswd -T hashes the file's contents as the secret, so write no trailing newline
umask 077
printf '%s' "$PASS" > "$BASEDIR/${LOGIN}.tmp"
chmod 400 "$BASEDIR/${LOGIN}.tmp"

# generate new password for LDAP:
LDAPPASS=$(slappasswd -n -h '{crypt}' -c '$6$%.27s' -T "$BASEDIR/${LOGIN}.tmp")
echo "$LDAPPASS"
rm -f "$BASEDIR/${LOGIN}.tmp"

# fill in the LDIF template, then append the new hash
sed -e "s/LDAPLOGIN/$LOGIN/" -e "s/BASEDN/$BASEDN/" -e "s/USERDN/$USERDN/" "$BASEDIR/passchange.ldif" > "$BASEDIR/passchange_tmp.ldif"

echo "userPassword: $LDAPPASS" >> "$BASEDIR/passchange_tmp.ldif"
ldapmodify -x -D "cn=admin,dc=domain1,dc=org1,dc=county" -w some_password < "$BASEDIR/passchange_tmp.ldif"

#rm $BASEDIR/passchange_tmp.ldif


and now:
$ cat passchange.ldif
dn: uid=LDAPLOGIN,USERDN,BASEDN
changetype: modify
replace: userPassword

You may need to change:

slappasswd -n -h '{crypt}' -c '$6$%.27s' -T "$BASEDIR/${LOGIN}.tmp"

The parameter of the -c option defines the salt. In my experience I saw many Linux distros having different salts. The part "$6$" is required (look in the man page of the crypt function) and "%.27s" means to generate 27 chars for the salt. More details you may find in the man page of slappasswd. Option -h tells slappasswd to use the format provided as parameter, in this case crypt.

I did not use it for some time so please treat this as a template for your script. I hope this will help you.

Greg.

 
08-05-2012, 06:24 PM
Fosiul Alam

how to generate the userpassword

Hi, thanks for the script.

One thing I am still confused about:
suppose I want to give the password "test123" as the default password at the time
of user creation.
How will I create this password and put it in

userPassword: ???



 
08-05-2012, 07:15 PM
Fosiul Alam

how to generate the userpassword

Hi
Thanks, it works fine. Perfectly.

Thanks for your help


 
08-06-2012, 01:52 PM
Rich Megginson

how to generate the userpassword

On 08/05/2012 01:15 PM, Fosiul Alam wrote:
> Hi
> thanks its works fine. perfectly
>
> Thanks for your help

You should only pass clear text passwords to the directory server. e.g.
in your LDIF:

userPassword: thecleartextpassword

and let the directory server do the hashing for you. Using pre-hashed
passwords defeats password checking. If you do not want to pass these
over an unencrypted channel, then set up TLS/SSL first.

If you feel you must generate pre-hashed passwords (strongly
discouraged) please use the pwdhash command line tool provided with 389
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Shell_Scripts.html#Shell_Scripts-pwdhash_Print_encrypted_password





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
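
Following the advice above to put the clear-text password in the LDIF and let the directory server hash it, this added example (not part of the original thread) shows a script helper that writes the userPassword line safely: it base64-encodes values LDIF cannot carry as plain text, so a password containing a newline cannot add extra attribute lines, and it rejects login names that would need DN escaping. The function names, the ou=People,dc=example,dc=com suffix and the inetOrgPerson object classes are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed/constructed: helper names,
# the ou=People,dc=example,dc=com suffix, the inetOrgPerson object classes.

# ldif_attr NAME VALUE
# Print "NAME: VALUE" if VALUE is a plain RFC 2849 SAFE-STRING, otherwise
# "NAME:: <base64 of VALUE>". The body is a subshell, so variables stay local.
ldif_attr() (
    name=$1
    value=$2
    if [ -z "$value" ]; then
        echo "ldif_attr: empty value for $name" >&2
        exit 1
    fi

    # Count bytes that may never appear in a plain value: LF, CR, non-ASCII.
    unsafe=$(( $(printf '%s' "$value" |
                 LC_ALL=C tr -d '\001-\011\013\014\016-\177' | wc -c) ))

    # A leading space, ':' or '<', or a trailing space, also needs base64.
    case $value in
        ' '*|:*|'<'*|*' ') unsafe=1 ;;
    esac

    if [ "$unsafe" -gt 0 ]; then
        printf '%s:: %s\n' "$name" \
            "$(printf '%s' "$value" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$name" "$value"
    fi
)

# new_user_ldif LOGIN PASSWORD [SUFFIX]
# Print an "add" record whose userPassword is the clear-text password, so the
# directory server hashes it and applies its password checks on import.
new_user_ldif() (
    LC_ALL=C
    login=$1
    password=$2
    suffix=${3:-ou=People,dc=example,dc=com}

    # Accept only login names that need no DN or LDIF escaping.
    case $login in
        ''|[!a-z_]*|*[!a-z0-9_.-]*)
            echo "new_user_ldif: refusing login name" >&2
            exit 1 ;;
    esac

    pw_line=$(ldif_attr userPassword "$password") || exit 1

    printf 'dn: uid=%s,%s\n' "$login" "$suffix"
    printf 'changetype: add\n'
    printf 'objectClass: top\nobjectClass: person\n'
    printf 'objectClass: organizationalPerson\nobjectClass: inetOrgPerson\n'
    printf 'uid: %s\ncn: %s\nsn: %s\n' "$login" "$login" "$login"
    printf '%s\n\n' "$pw_line"
)

# Typical use with the OpenLDAP client tools, over StartTLS (-ZZ) so the
# clear-text value is not sent unencrypted; host and bind DN are placeholders:
#   new_user_ldif jdoe "$INITIAL_PW" | ldapmodify -x -ZZ \
#       -H ldap://ldap.example.com -D "cn=Directory Manager" -W
```

The generated file holds the clear-text password, so create it under a restrictive umask and delete it after the import.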
 
