You can use gui. Just edit user account and type thre new password. Directory server should encypt it before updating the entry in database.
If you use slappasswd without any parameters it will ask for password and generate sha1 hash for you. To use crypt you need to set format to crypt, and set proper salt.
I shold have on my pc example script using slappasswd i wrote it some time ago. I can't post it now bcause at the moment im on the bus. If no one will post example of using slappasswd then I will later. Unless you will find solution first.
Greg.
Send from htc desire z
05-08-2012 15:34, "Fosiul Alam" <fosiul@gmail.com> napisał(a):
HI
Thanks for reply
I am using Directory Server 389
and I am using a script to create the ldif file
So some how i will Â*have to create userpassword ..
But dont understand .. whats the way Â*to do that
From GUI interface i can create password Â*easily
so whats the syntax to create userpassword ??
Regards
On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
<christopher_wood@pobox.com> wrote:
> Perhaps use slappasswd?
>
> On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
>> Hi
>> I am generating Â*the ldif by script.
>> but i cant understand how Â*will i generate the userpassword.
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
08-05-2012, 02:55 PM
Fosiul Alam
how to generate the userpassword
Hi Thanks
i cant use GUI as the script should take care everything
I think it would sha1 .
i will try to find a solution if i cant please post your script here
it would be really helpful
thanks
On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki <gd1100@gmail.com> wrote:
> You can use gui. Just edit user account and type thre new password.
> Directory server should encypt it before updating the entry in database.
>
> If you use slappasswd without any parameters it will ask for password and
> generate sha1 hash for you. To use crypt you need to set format to crypt,
> and set proper salt.
>
> I shold have on my pc example script using slappasswd i wrote it some time
> ago. I can't post it now bcause at the moment im on the bus. If no one will
> post example of using slappasswd then I will later. Unless you will find
> solution first.
>
> Greg.
>
> Send from htc desire z
>
> 05-08-2012 15:34, "Fosiul Alam" <fosiul@gmail.com> napisał(a):
>
>> HI
>> Thanks for reply
>> I am using Directory Server 389
>>
>> and I am using a script to create the ldif file
>>
>> So some how i will have to create userpassword ..
>>
>> But dont understand .. whats the way to do that
>> From GUI interface i can create password easily
>> so whats the syntax to create userpassword ??
>>
>> Regards
>>
>>
>> On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
>> <christopher_wood@pobox.com> wrote:
>> > Perhaps use slappasswd?
>> >
>> > On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
>> >> Hi
>> >> I am generating the ldif by script.
>> >> but i cant understand how will i generate the userpassword.
>> >>
>> >> userPassword: {crypt}x
>> >>
>> >> how this crypt or hash working
>> >>
>> >> Please give me some lights on this.
>> >>
>> >>
>> >> Regards
>> >> --
>> >> 389 users mailing list
>> >> 389-users@lists.fedoraproject.org
>> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>> > --
>> > 389 users mailing list
>> > 389-users@lists.fedoraproject.org
>> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> Regards
>> Fosiul Alam
>> 07877100621
>> http://www.fosiul.co.uk
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
08-05-2012, 05:29 PM
Grzegorz Dwornicki
how to generate the userpassword
Here it is. I was using it to change password on openldap + samba using ldap. Samba has its own password attribute. This script takes password from user, encrypt it in crypt + call smbpasswd to set password aswell.
paremeter of -c option defines salt. In my experience i saw many Linux distros having diferent salt. Part "$6$" is required (look in man page of crypt function) and "%.27s" means to generate 27chars for salt. More details you may found in man page of slappasswd. Option -h tells slappasswd to use format provided as parameter in this case crypt.
I did not use it for some time soo please treat this as a template for your script. I hope this will help you.
Greg.
2012/8/5 Fosiul Alam <fosiul@gmail.com>
Hi Thanks
i cant use GUI Â*as the script should take care everything
I think it would sha1 .
i will try to find a solution if i cant please post your script here
it would be really helpful
thanks
On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki <gd1100@gmail.com> wrote:
> You can use gui. Just edit user account and type thre new password.
> Directory server should encypt it before updating the entry in database.
>
> If you use slappasswd without any parameters it will ask for password and
> generate sha1 hash for you. To use crypt you need to set format to crypt,
> and set proper salt.
>
> I shold have on my pc example script using slappasswd i wrote it some time
> ago. I can't post it now bcause at the moment im on the bus. If no one will
> post example of using slappasswd then I will later. Unless you will find
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
08-05-2012, 06:24 PM
Fosiul Alam
how to generate the userpassword
Hi thanks for the script
one thing i am still confused is
suppose i want to give password "test123" as default password at time
of user creating
how will i create this password and will put that one in
userPassword: ???
On Sun, Aug 5, 2012 at 6:29 PM, Grzegorz Dwornicki <gd1100@gmail.com> wrote:
> Here it is. I was using it to change password on openldap + samba using
> ldap. Samba has its own password attribute. This script takes password from
> user, encrypt it in crypt + call smbpasswd to set password aswell.
>
> $ cat sambaldapnewpass
> #!/bin/bash
>
> #ask user for password:
>
> BASEDN="dc=org1,dc=county"
> USERDN="dc=domain1"
> BASEDIR=/home/lol87
>
> #login LDAP format: uid=$LOGIN,$USERDN,$BASEDN
>
> if [ -e $1 ];
> then
> echo "Login"
> read LOGIN
> else
> LOGIN=$1
> fi
>
> stty -echo
>
> PASS=s
> PASS2=w
>
> while [ $PASS != $PASS2 ];
> do
> echo "new password:"
> read PASS
> echo "repeat new password:"
> read PASS2
> done
>
> stty echo
>
> echo $PASS > $BASEDIR/${LOGIN}.tmp
> chmod 400 $BASEDIR/${LOGIN}.tmp
>
> #generate new password for LDAP:
>
> LDAPPASS=$(slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp
> -n)
> echo $LDAPPASS
> rm $BASEDIR/${LOGIN}.tmp
>
> cat $BASEDIR/passchange.ldif | sed ' s/LDAPLOGIN/'$LOGIN'/ ' | sed '
> s/BASEDN/'$BASEDN'/ ' | sed ' s/USERDN/'$USERDN'/ ' >
> $BASEDIR/passchange_tmp.ldif
> echo "userPassword: $LDAPPASS" >> $BASEDIR/passchange_tmp.ldif
> ldapmodify -x -D "cn=admin,dc=domain1,dc=org1,dc=county" -w some_password <
> $BASEDIR/passchange_tmp.ldif
>
> #rm $BASEDIR/passchange_tmp.ldif
>
> and now:
> $ cat passchange.ldif
> dn: uid=LDAPLOGIN,USERDN,BASEDN
> changetype: modify
> replace: userPassword
>
> You may need to change:
>
> slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp -n
>
> paremeter of -c option defines salt. In my experience i saw many Linux
> distros having diferent salt. Part "$6$" is required (look in man page of
> crypt function) and "%.27s" means to generate 27chars for salt. More details
> you may found in man page of slappasswd. Option -h tells slappasswd to use
> format provided as parameter in this case crypt.
>
> I did not use it for some time soo please treat this as a template for your
> script. I hope this will help you.
>
> Greg.
>
>
> 2012/8/5 Fosiul Alam <fosiul@gmail.com>
>>
>> Hi Thanks
>> i cant use GUI as the script should take care everything
>> I think it would sha1 .
>> i will try to find a solution if i cant please post your script here
>>
>> it would be really helpful
>> thanks
>>
>>
>> On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki <gd1100@gmail.com>
>> wrote:
>> > You can use gui. Just edit user account and type thre new password.
>> > Directory server should encypt it before updating the entry in database.
>> >
>> > If you use slappasswd without any parameters it will ask for password
>> > and
>> > generate sha1 hash for you. To use crypt you need to set format to
>> > crypt,
>> > and set proper salt.
>> >
>> > I shold have on my pc example script using slappasswd i wrote it some
>> > time
>> > ago. I can't post it now bcause at the moment im on the bus. If no one
>> > will
>> > post example of using slappasswd then I will later. Unless you will find
>> > solution first.
>> >
>> > Greg.
>> >
>> > Send from htc desire z
>> >
>> > 05-08-2012 15:34, "Fosiul Alam" <fosiul@gmail.com> napisał(a):
>> >
>> >> HI
>> >> Thanks for reply
>> >> I am using Directory Server 389
>> >>
>> >> and I am using a script to create the ldif file
>> >>
>> >> So some how i will have to create userpassword ..
>> >>
>> >> But dont understand .. whats the way to do that
>> >> From GUI interface i can create password easily
>> >> so whats the syntax to create userpassword ??
>> >>
>> >> Regards
>> >>
>> >>
>> >> On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
>> >> <christopher_wood@pobox.com> wrote:
>> >> > Perhaps use slappasswd?
>> >> >
>> >> > On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
>> >> >> Hi
>> >> >> I am generating the ldif by script.
>> >> >> but i cant understand how will i generate the userpassword.
>> >> >>
>> >> >> userPassword: {crypt}x
>> >> >>
>> >> >> how this crypt or hash working
>> >> >>
>> >> >> Please give me some lights on this.
>> >> >>
>> >> >>
>> >> >> Regards
>> >> >> --
>> >> >> 389 users mailing list
>> >> >> 389-users@lists.fedoraproject.org
>> >> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >> > --
>> >> > 389 users mailing list
>> >> > 389-users@lists.fedoraproject.org
>> >> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >>
>> >>
>> >>
>> >> --
>> >> Regards
>> >> Fosiul Alam
>> >> 07877100621
>> >> http://www.fosiul.co.uk
>> >> --
>> >> 389 users mailing list
>> >> 389-users@lists.fedoraproject.org
>> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >
>> >
>> > --
>> > 389 users mailing list
>> > 389-users@lists.fedoraproject.org
>> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> Regards
>> Fosiul Alam
>> 07877100621
>> http://www.fosiul.co.uk
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
08-05-2012, 07:15 PM
Fosiul Alam
how to generate the userpassword
Hi
thanks its works fine. perfectly
Thanks for your help
On Sun, Aug 5, 2012 at 7:24 PM, Fosiul Alam <fosiul@gmail.com> wrote:
> Hi thanks for the script
>
> one thing i am still confused is
> suppose i want to give password "test123" as default password at time
> of user creating
> how will i create this password and will put that one in
>
> userPassword: ???
>
>
>
> On Sun, Aug 5, 2012 at 6:29 PM, Grzegorz Dwornicki <gd1100@gmail.com> wrote:
>> Here it is. I was using it to change password on openldap + samba using
>> ldap. Samba has its own password attribute. This script takes password from
>> user, encrypt it in crypt + call smbpasswd to set password aswell.
>>
>> $ cat sambaldapnewpass
>> #!/bin/bash
>>
>> #ask user for password:
>>
>> BASEDN="dc=org1,dc=county"
>> USERDN="dc=domain1"
>> BASEDIR=/home/lol87
>>
>> #login LDAP format: uid=$LOGIN,$USERDN,$BASEDN
>>
>> if [ -e $1 ];
>> then
>> echo "Login"
>> read LOGIN
>> else
>> LOGIN=$1
>> fi
>>
>> stty -echo
>>
>> PASS=s
>> PASS2=w
>>
>> while [ $PASS != $PASS2 ];
>> do
>> echo "new password:"
>> read PASS
>> echo "repeat new password:"
>> read PASS2
>> done
>>
>> stty echo
>>
>> echo $PASS > $BASEDIR/${LOGIN}.tmp
>> chmod 400 $BASEDIR/${LOGIN}.tmp
>>
>> #generate new password for LDAP:
>>
>> LDAPPASS=$(slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp
>> -n)
>> echo $LDAPPASS
>> rm $BASEDIR/${LOGIN}.tmp
>>
>> cat $BASEDIR/passchange.ldif | sed ' s/LDAPLOGIN/'$LOGIN'/ ' | sed '
>> s/BASEDN/'$BASEDN'/ ' | sed ' s/USERDN/'$USERDN'/ ' >
>> $BASEDIR/passchange_tmp.ldif
>> echo "userPassword: $LDAPPASS" >> $BASEDIR/passchange_tmp.ldif
>> ldapmodify -x -D "cn=admin,dc=domain1,dc=org1,dc=county" -w some_password <
>> $BASEDIR/passchange_tmp.ldif
>>
>> #rm $BASEDIR/passchange_tmp.ldif
>>
>> and now:
>> $ cat passchange.ldif
>> dn: uid=LDAPLOGIN,USERDN,BASEDN
>> changetype: modify
>> replace: userPassword
>>
>> You may need to change:
>>
>> slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp -n
>>
>> paremeter of -c option defines salt. In my experience i saw many Linux
>> distros having diferent salt. Part "$6$" is required (look in man page of
>> crypt function) and "%.27s" means to generate 27chars for salt. More details
>> you may found in man page of slappasswd. Option -h tells slappasswd to use
>> format provided as parameter in this case crypt.
>>
>> I did not use it for some time soo please treat this as a template for your
>> script. I hope this will help you.
>>
>> Greg.
>>
>>
>> 2012/8/5 Fosiul Alam <fosiul@gmail.com>
>>>
>>> Hi Thanks
>>> i cant use GUI as the script should take care everything
>>> I think it would sha1 .
>>> i will try to find a solution if i cant please post your script here
>>>
>>> it would be really helpful
>>> thanks
>>>
>>>
>>> On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki <gd1100@gmail.com>
>>> wrote:
>>> > You can use gui. Just edit user account and type thre new password.
>>> > Directory server should encypt it before updating the entry in database.
>>> >
>>> > If you use slappasswd without any parameters it will ask for password
>>> > and
>>> > generate sha1 hash for you. To use crypt you need to set format to
>>> > crypt,
>>> > and set proper salt.
>>> >
>>> > I shold have on my pc example script using slappasswd i wrote it some
>>> > time
>>> > ago. I can't post it now bcause at the moment im on the bus. If no one
>>> > will
>>> > post example of using slappasswd then I will later. Unless you will find
>>> > solution first.
>>> >
>>> > Greg.
>>> >
>>> > Send from htc desire z
>>> >
>>> > 05-08-2012 15:34, "Fosiul Alam" <fosiul@gmail.com> napisał(a):
>>> >
>>> >> HI
>>> >> Thanks for reply
>>> >> I am using Directory Server 389
>>> >>
>>> >> and I am using a script to create the ldif file
>>> >>
>>> >> So some how i will have to create userpassword ..
>>> >>
>>> >> But dont understand .. whats the way to do that
>>> >> From GUI interface i can create password easily
>>> >> so whats the syntax to create userpassword ??
>>> >>
>>> >> Regards
>>> >>
>>> >>
>>> >> On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
>>> >> <christopher_wood@pobox.com> wrote:
>>> >> > Perhaps use slappasswd?
>>> >> >
>>> >> > On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
>>> >> >> Hi
>>> >> >> I am generating the ldif by script.
>>> >> >> but i cant understand how will i generate the userpassword.
>>> >> >>
>>> >> >> userPassword: {crypt}x
>>> >> >>
>>> >> >> how this crypt or hash working
>>> >> >>
>>> >> >> Please give me some lights on this.
>>> >> >>
>>> >> >>
>>> >> >> Regards
>>> >> >> --
>>> >> >> 389 users mailing list
>>> >> >> 389-users@lists.fedoraproject.org
>>> >> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>> >> > --
>>> >> > 389 users mailing list
>>> >> > 389-users@lists.fedoraproject.org
>>> >> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Regards
>>> >> Fosiul Alam
>>> >> 07877100621
>>> >> http://www.fosiul.co.uk
>>> >> --
>>> >> 389 users mailing list
>>> >> 389-users@lists.fedoraproject.org
>>> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>> >
>>> >
>>> > --
>>> > 389 users mailing list
>>> > 389-users@lists.fedoraproject.org
>>> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>>
>>>
>>> --
>>> Regards
>>> Fosiul Alam
>>> 07877100621
>>> http://www.fosiul.co.uk
>>> --
>>> 389 users mailing list
>>> 389-users@lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> Regards
> Fosiul Alam
> 07877100621
> http://www.fosiul.co.uk
--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
08-06-2012, 01:52 PM
Rich Megginson
how to generate the userpassword
On 08/05/2012 01:15 PM, Fosiul Alam wrote:
Hi
thanks its works fine. perfectly
Thanks for your help
You should only pass clear text passwords to the directory server. e.g.
in your LDIF:
userPassword: thecleartextpassword
and let the directory server do the hashing for you. Using pre-hashed
passwords defeats password checking. If you do not want to pass these
over an unencrypted channel, then set up TLS/SSL first.
If you feel you must generate pre-hashed passwords (strongly
discouraged) please use the pwdhash command line tool provided with 389
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Shell_Scripts.html#Shell_Scripts-pwdhash_Print_encrypted_password
On Sun, Aug 5, 2012 at 7:24 PM, Fosiul Alam<fosiul@gmail.com> wrote:
Hi thanks for the script
one thing i am still confused is
suppose i want to give password "test123" as default password at time
of user creating
how will i create this password and will put that one in
userPassword: ???
On Sun, Aug 5, 2012 at 6:29 PM, Grzegorz Dwornicki<gd1100@gmail.com> wrote:
Here it is. I was using it to change password on openldap + samba using
ldap. Samba has its own password attribute. This script takes password from
user, encrypt it in crypt + call smbpasswd to set password aswell.
paremeter of -c option defines salt. In my experience i saw many Linux
distros having diferent salt. Part "$6$" is required (look in man page of
crypt function) and "%.27s" means to generate 27chars for salt. More details
you may found in man page of slappasswd. Option -h tells slappasswd to use
format provided as parameter in this case crypt.
I did not use it for some time soo please treat this as a template for your
script. I hope this will help you.
Greg.
2012/8/5 Fosiul Alam<fosiul@gmail.com>
Hi Thanks
i cant use GUI as the script should take care everything
I think it would sha1 .
i will try to find a solution if i cant please post your script here
it would be really helpful
thanks
On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki<gd1100@gmail.com>
wrote:
You can use gui. Just edit user account and type thre new password.
Directory server should encypt it before updating the entry in database.
If you use slappasswd without any parameters it will ask for password
and
generate sha1 hash for you. To use crypt you need to set format to
crypt,
and set proper salt.
I shold have on my pc example script using slappasswd i wrote it some
time
ago. I can't post it now bcause at the moment im on the bus. If no one
will
post example of using slappasswd then I will later. Unless you will find
solution first.
how to generate the userpassword
