IMHO, at least iPlanet DS knows crypt encryption, so one can copy the 
encrypted password from the shadow file to the ldif. In this case, you have 
to prefix the password with {crypt}.
I think the same cannot be applied to MD5-encrypted passwords (Linux's, ...) 
while iPlanet cannot handle that kind of encryption (at least according to: 
http://docs.sun.com/source/816-5609-10/aci.htm#15410 )

I wouldn't use any cleartext password-collecting trojans until there is a 
pale distant light of reaching success another way. I'm just busy enough to 
keep these trojans away from our systems.

Regards,

Kristof

2002. september 28. 21:59 you wrote:
> I know I've got to be missing something easy here, but I've been having
> trouble answering this question.  I have an old Solaris 7 server with
> 2000+ user accounts in /etc/shadow format handling email.  I'm switching
> to a new qmail-ldap system on several FreeBSD systems.  How on earth do
> I convert the user passwords from the Solaris /etc/shadow crypt style to
> a format that will work with qmail-ldap.  Just copying the entry from
> /etc/shadow into an ldif file for a user, and loading that into the LDAP
> server doesn't work.  I can set up the account with an MD5 digest and
> things work great, but you need the cleartext to generate that.  At some
> point we'll slowly migrate customers to use something more secure than
> crypt, but I need to find a way to use the /etc/shadow file contents in
> the userPassword attribute on each user's LDAP entry to avoid a bunch of
> angry customers.  I've found lots of information converting Linux's
> /etc/shadow but Solaris uses the old 13char string format.  Any help
> would be greatly appreciated.
>
> - Tom
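
The approach described in the reply above, sketched as an added example (not part of the original thread): read shadow-format lines, emit an LDIF modify record with a `{crypt}`-prefixed userPassword for each traditional 13-character crypt hash, and set aside MD5-crypt and locked entries. The base DN, the `uid=` naming and the sample lines are assumptions constructed for illustration.

```python
import re

# Traditional crypt(3): 2 salt chars + 11 hash chars, all from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Conservative account-name check so a name cannot break the DN or the LDIF.
SAFE_USER = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")

def classify(hash_field):
    """Classify the second field of a shadow line."""
    if DES_CRYPT.match(hash_field):
        return "des-crypt"
    if hash_field.startswith("$1$"):
        return "md5-crypt"   # per the reply, not handled via {crypt} on iPlanet
    return "unusable"        # empty, NP, *LK* and similar markers

def shadow_to_ldif(shadow_text, base_dn):
    """Return (ldif, skipped); skipped is a list of (user, reason) pairs."""
    records, skipped = [], []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0]:
            continue                      # blank or malformed line
        user, hash_field = fields[0], fields[1]
        if not SAFE_USER.match(user):
            skipped.append((user, "bad-username"))
            continue
        kind = classify(hash_field)
        if kind != "des-crypt":
            skipped.append((user, kind))
            continue
        records.append(
            f"dn: uid={user},{base_dn}\n"
            "changetype: modify\n"
            "replace: userPassword\n"
            f"userPassword: {{crypt}}{hash_field}\n"
        )
    return "\n".join(records), skipped

# Constructed sample input; these are not real password hashes.
SAMPLE_SHADOW = """\
tom:ab01FAX.bQRSU:11958::::::
alice:$1$saltsalt$0123456789abcdefghijkl:11958::::::
daemon:NP:6445::::::
locked:*LK*:::::::
"""

if __name__ == "__main__":
    # The output carries password hashes: protect it like the shadow file.
    ldif, skipped = shadow_to_ldif(SAMPLE_SHADOW, "ou=people,dc=example,dc=com")
    print(ldif)
    for user, reason in skipped:
        print(f"# skipped {user}: {reason}")
```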
