Hi
I think this might rather be a password-hashing problem... when creating an
SSHA password hash, a "salt" is used - which might/should be some attribute of
the user - such as the uid.
When copying an SSHA "hash" from user "A" to user "B" - user "B" won't be
able to log in with user "A"'s password.
When the password attributes are being compared, a new SSHA "hash"
is calculated first, using the username "B" as salt. This is then compared
to the hash that was calculated using the username "A" in the first place.
This comparison will fail.
greetings & bye
Timm
> I created a new user entry and used
> userPassword:{SSHA}22onNmlYVY5lUwkx0zkzb+LYODZTLp1Z in the .ldif file. I
> simply substituted all the aaron13 string to aaron14 in the ldif file and
> then loaded the file into ldap.
> Now when I try to login I get the message below.
> Could my ldif file be wrong (I've attached it), kindly see attachment.
>
> [aaron@development aaron]$ telnet localhost 110
> Trying 127.0.0.1...
> Connected to development (127.0.0.1).
> Escape character is '^]'.
> +OK <[EMAIL PROTECTED]>
> user aaron14
> +OK
> pass aaron
> -ERR user record incorrect
> Connection closed by foreign host.
>
>
> Allan Kamau.
>
>
> -----Original Message-----
> From: Claudio Jeker [mailto:[EMAIL PROTECTED]]
> Sent: 21 January 2003 11:01
> To: [EMAIL PROTECTED]
> Subject: Re: libsasl.so.7: failed error
>
> On Tue, Jan 21, 2003 at 01:51:28AM -0500, Speedfreak wrote:
> > On January 21, 2003 12:59 am, Kamau Allan wrote:
> > > And my aaron13.ldif which I used in creating the user's entry into
> > > openLDAP is as follows.
> > >
> > > dn:uid=aaron13,dc=arril,dc=net
> > > userPassword:aaron
> >
> > I don't think "userPassword:aaron" will work unless you have
> > -DCLEARTEXTPASSWORD enabled in the Makefile. Try setting
> > "userPassword:{SSHA}22onNmlYVY5lUwkx0zkzb+LYODZTLp1Z" (ie. sha hash
> > of the string 'aaron') instead. You can get the hash using
> > slappasswd with OpenLDAP.
> >
>
> Another problem is that the uid is aaron13 and the uid is used for the
> auth_* lookup in ldap not the mail address.
>
> --
> :wq Claudio
>
>