[Fedora-directory-users] Migrate users from Netscape LDAP to Red Hat DS

Rich Megginson rmeggins at redhat.com
Mon Jan 14 22:20:02 UTC 2008 

Ankur Agarwal wrote:
> Thanks Richard!
>  
> But how does Red Hat DS know that it need not rehash the password?
Bec
>  
> e.g. Suppose I create a ldif file saying:
> userPassword=testppassword
>  
> and export another ldif:
> userPassword=xyzRR$#==
>  
> First one is in plain english since I create that and second one is in 
> hashed format because I have exported an existing user. Now if i 
> import these 2 to another Red Hat instance how will that new instance 
> know that second one is already hashed?
Usually when you export entries using db2ldif you will get LDIF like this:
dn: uid=scarter,....
....
userPassword: {SSHA}ls089x08sd090808sd08=
...

If you import this into RHDS, RHDS will see that userPassword is already 
hashed using SSHA and will just use the value.

If you are getting the userPassword values some other way, you can just 
set the value to
{scheme}base64password
e.g.
{SSHA}lsdf098asdf8z908023lj=
>  
> regards,
> Ankur
>
>
> */Rich Megginson <rmeggins at redhat.com>/* wrote:
>
>     Ankur Agarwal wrote:
>     > Hi,
>     >
>     > We want to migrate users from Netscape LDAP to RedHat DS. On
>     RedHat we
>     > have created a similar schema (as existing on netscape) and now
>     plan
>     > to export LDIF from Netscape and import that into RedHat DS. This
>     > should work fine but what will happen to the user passwords
>     since in
>     > the export they will be hashed. Will they get successfully imported
>     > into RedHat or will they get rehashed during the import thus
>     sopiling
>     > the migration.
>     They will be migrated. Red Hat DS should support all of the password
>     hashing schemes used by Netscape DS (unless you are using crypt or a
>     custom scheme).
>     >
>     > Please advise how should we plan user migration using some simple
>     > mechanism.
>     >
>     > regards,
>     > Ankur
>     >
>     >
>     ------------------------------------------------------------------------
>     > Looking for last minute shopping deals? Find them fast with Yahoo!
>     > Search.
>     >
>     >
>     >
>     ------------------------------------------------------------------------
>     >
>     > --
>     > Fedora-directory-users mailing list
>     > Fedora-directory-users at redhat.com
>     > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>     >
>
>     --
>     Fedora-directory-users mailing list
>     Fedora-directory-users at redhat.com
>     https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> ------------------------------------------------------------------------
> Looking for last minute shopping deals? Find them fast with Yahoo! 
> Search. 
> <http://us.rd.yahoo.com/evt=51734/*http://tools.search.yahoo.com/newsearch/category.php?category=shopping> 
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080114/7cd55fda/attachment.bin>

More information about the Fedora-directory-users mailing list