[Freeipa-users] Trying to migrate, can't set hashed passwords

Ben Slusky bslusky at smartling.com
Mon Mar 9 18:13:01 UTC 2015


Greetings FreeIPA users,

I'm setting up FreeIPA service in our production environment to replace
several different authentication methods for various systems. I'm trying to
migrate the first wave of users now. My plan was to copy their passwords
from an old LDAP directory (one of the aforementioned several
authentication methods) and then send them to the migration page to finish
the job.

bslusky at ipa1.aws:~$ head techteam-passwords.ldif
dn: uid=user1001,cn=users,cn=accounts,dc=smartling,dc=int
changeType: modify
replace: userPassword
userPassword:: e1NTSE[...]
-

dn: uid=user1002,cn=users,cn=accounts,dc=smartling,dc=int
changeType: modify
replace: userPassword
userPassword:: e1NIQX[...]

Unfortunately it isn't working:

bslusky at ipa1.aws:~$ ldapmodify -x -D cn=directory\ manager -W -f techteam-passwords.ldif
Enter LDAP Password:
modifying entry "uid=user1001,cn=users,cn=accounts,dc=smartling,dc=int"
ldap_modify: Operations error (1)

I found some possible causes of this error, and fixed them:

bslusky at ipa1.aws:~$ ipa config-show |grep migration
  Enable migration mode: TRUE

bslusky at ipa1.aws:~$ ldapsearch -x -D cn=directory\ manager -W -b cn=config | grep allow-hashed
Enter LDAP Password:
nsslapd-allow-hashed-passwords: on

Still no soap. Any suggestions?

TIA,
-
-Ben

-- 

*Ben Slusky*Smartling, Inc. Senior Operations Engineer
bslusky at smartling.com | smartling.com <http://www.smartling.com/>
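
An added example, not part of the original post: the double colon in `userPassword::` marks a base64-encoded value, and the decoded value begins with the storage scheme in braces (the two prefixes shown in the LDIF above decode to `{SSH` and `{SHA`). This Python sketch lists the scheme for each entry in a migration LDIF and flags unsalted or cleartext values for a reset after migration; the function names, DNs and hashes are constructed for illustration.

```python
import base64
import hashlib
import re

# 389-ds storage schemes with no per-user salt; candidates for a forced reset.
UNSALTED = {"SHA", "SHA256", "SHA384", "SHA512", "MD5"}

def password_schemes(ldif_text):
    """Return [(dn, scheme)] for every userPassword value in the LDIF text."""
    # Unfold continuation lines: a newline followed by a single space.
    text = re.sub(r"\r?\n ", "", ldif_text)
    results, dn = [], None
    for line in text.splitlines():
        key, _, rest = line.partition(":")
        key = key.strip().lower()
        if key == "dn":
            dn = rest.strip()
        elif key == "userpassword":
            if rest.startswith(":"):  # "::" means the value is base64-encoded
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip().encode()
            m = re.match(rb"\{([A-Za-z0-9_-]+)\}", value)
            results.append((dn, m.group(1).decode().upper() if m else "CLEARTEXT"))
    return results

def needs_reset(results):
    """DNs whose imported hash is unsalted or not hashed at all."""
    return [dn for dn, s in results if s in UNSALTED or s == "CLEARTEXT"]

def _value(scheme, digest):
    # Directory format: {SCHEME}base64(digest[+salt]), base64-encoded again for LDIF.
    return base64.b64encode(b"{" + scheme + b"}" + base64.b64encode(digest)).decode()

# Constructed sample input (made-up DNs, password "example", salt "salt").
SAMPLE_LDIF = (
    "dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test\n"
    "changetype: modify\nreplace: userPassword\n"
    f"userPassword:: {_value(b'SSHA', hashlib.sha1(b'examplesalt').digest() + b'salt')}\n-\n\n"
    "dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test\n"
    "changetype: modify\nreplace: userPassword\n"
    f"userPassword:: {_value(b'SHA', hashlib.sha1(b'example').digest())}\n-\n"
)

if __name__ == "__main__":
    found = password_schemes(SAMPLE_LDIF)
    for dn, scheme in found:
        print(f"{scheme:10} {dn}")
    print("reset after migration:", needs_reset(found))
```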