This is pretty specific to my work, but I found out a few nice things. To search for a person in the LDAP directory, run:
[root@cwmedia08 openldap]# ldapsearch -D 'cn=manager' -W -x -b "o=<domainname>" "(login=name*)"
and this should return the LDAP record for the person specified. The userPassword looks something like:
userPassword:: e1NTSEF9Z0pGekpPVDVRaGNrKzdCaTdFZGk4aWVHUkZTQmlWOSs=
and it turns out that if the field name is followed by a double colon (::), then the value is base64 encoded. Base64 is an encoding, not encryption, so anyone who can read the value can decode it. OpenSSL provides us with a way of encoding to and decoding from base64 (http://www.linuxjournal.com/article/8958).
To encode to base64:
[root@cwmedia08 openldap]# echo "blah blah blah" | openssl base64
YmxhaCBibGFoIGJsYWgK
To decode from base64:
[root@cwmedia08 openldap]# echo "YmxhaCBibGFoIGJsYWgK" | openssl base64 -d
blah blah blah
In order to generate passwords, there's a nice little utility shipped with OpenLDAP called slappasswd, which allows you to generate the password that you want in any number of different hash schemes:
[root@cwmedia08 openldap]# /opt/insight/sbin/slappasswd -h {SSHA}
New password:
Re-enter new password:
{SSHA}HHc6iraOFjfP/seaNarwehQ2gpJ20hD7
[root@cwmedia08 openldap]#
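As an added example (not part of the original post), this Python sketch decodes the userPassword:: line shown above, splits the {SSHA} value into its SHA-1 digest and salt, and checks a password against a stored value. The function names, the constructed password and the constructed salt are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# LDIF line exactly as shown in the post above.
PAGE_LINE = "userPassword:: e1NTSEF9Z0pGekpPVDVRaGNrKzdCaTdFZGk4aWVHUkZTQmlWOSs="

def ldif_value(line):
    """Return (attribute, value bytes); 'attr::' means the value is base64."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip())
    return attr, rest.strip().encode()

def split_ssha(value):
    """Split b'{SSHA}<base64>' into (scheme, sha1_digest, salt)."""
    text = value.decode("ascii")
    if not text.startswith("{") or "}" not in text:
        raise ValueError("no {SCHEME} prefix")
    scheme, _, b64 = text[1:].partition("}")
    raw = base64.b64decode(b64)
    return scheme, raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, salt follows

def make_ssha(password, salt):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def check_ssha(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    scheme, digest, salt = split_ssha(stored)
    if scheme != "SSHA":
        raise ValueError("unsupported scheme: " + scheme)
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

if __name__ == "__main__":
    attr, value = ldif_value(PAGE_LINE)
    scheme, digest, salt = split_ssha(value)
    print(attr, scheme, "digest bytes:", len(digest), "salt bytes:", len(salt))

    # Constructed password and salt, only to show the round trip.
    stored = make_ssha(b"example-password", b"\x01\x02\x03\x04")
    print(stored.decode(), check_ssha(b"example-password", stored))
```

The first base64 layer comes from LDIF and the second from the {SSHA} scheme itself, so what the directory actually stores is a salted SHA-1 hash, not the password.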
Now, I just need to work out how to update entries in the LDAP system!