[ILUG] Moving authentication to LDAP
Mel
mel at csn.ul.ie
Thu Jan 31 14:17:24 GMT 2002
I'm working here on some way to migrate a passwd+shadow file to openldap
only and am running into problems for authentication. I've used tools to
import the contents of the files up but that isn't any use for using
pam_ldap as the openldap password is different to the login ones. The
problem appears to be that to authenticate, the client needs to be able to
bind to the server and for that, it needs to bind as the user. Thing is
shadow passwords and openldap passwords aren't the same so it doesn't
work.
Does anyone know what needs to be done so that either
a) pam_ldap can send an encrypted password to the openldap server which
compares it to userPassword and returns true/false allowing someone to
log in or
b) Migrating the passwd file in such a way that a persons ldap password is
the same as their login password. for this, the migrate_passwd tool is
not he answer. When I imported the encrypted password with {crypt} in
front of it, it didn't work. I suspect because the shadow passwords are md5
Copious amounts of googling have only showed people with similar problems
and much fiddling around has yielded nothing :-/ . Resetting everyones
password is not an option :-)
--
Mel
More information about the ILUG
mailing list