Tuesday, October 16, 2007

Changing password in LDAP.

Hello.
Today we ran into a problem while changing a password stored in LDAP manually, in other words through the console. OpenLDAP wants the stored password hash to be Base64 encoded.
So we need to use the slappasswd command, which is located in /usr/sbin/, to transform the new password into an MD5 hash and then Base64-encode the result.

For instance:
slappasswd -h "{md5}" -s "newpassword"
The result will look like this:
{MD5}Xp0RoUrRyN136Y75tT/Rug==

Afterwards, we can connect to LDAP and make the appropriate changes.
For instance:
ldapmodify -h localhost -p 389 -x -D "cn=root,dc=rubicon,dc=gridcommons,dc=net" -w ldap
connects to the LDAP server located on localhost:389; the credentials (user/password) are root/ldap.

Then we can manually change the needed entry:

dn: cn=Jeanne Bradford jeanneririo,o=Tom's Business Services,cn=Consumers,dc=rubicon,dc=gridcommons,dc=net
changetype: modify
replace: userPassword
userPassword: {md5}Xp0RoUrRyN136Y75tT/Rug==

After pressing "Enter" we will see text similar to the following:

modifying entry "cn=Jeanne Bradford jeanneririo,o=Tom's Business Services,cn=Consumers,dc=rubicon,dc=gridcommons,dc=net"

The same result can be achieved by importing the data from a file. As an example:
ldapmodify -h localhost -p 389 -x -D "cn=root,dc=rubicon,dc=gridcommons,dc=net" -w ldap -f some_file.ldiff
where the contents of some_file.ldiff look like:

dn: cn=Jeanne Bradford jeanneririo,o=Tom's Business Services,cn=Consumers,dc=rubicon,dc=gridcommons,dc=net
changetype: modify
replace: userPassword
userPassword: {md5}Xp0RoUrRyN136Y75tT/Rug==

That's all. We can check the results by exporting the LDAP data. This can be done with:
slapcat -l dump.ldiff. For instance: slapcat -l /opt/ldap_dump.ldiff.
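
To check an exported userPassword value against a known password, the following added example (not part of the original post; all function names are its own) rebuilds the {MD5} value as Base64 of the raw digest and verifies a stored value. It goes beyond the post's case in two ways: it also handles the salted {SSHA} scheme, since unsalted MD5 gives identical hashes for identical passwords, and it reads the LDIF form "userPassword::", where the whole value is Base64-encoded once more.

```python
import base64
import hashlib
import hmac
import os

def b64(raw):
    return base64.b64encode(raw).decode("ascii")

def hash_md5(password):
    """{MD5}: Base64 of the raw 16-byte digest, not of its hex string."""
    return "{MD5}" + b64(hashlib.md5(password.encode("utf-8")).digest())

def hash_ssha(password, salt=None):
    """{SSHA}: Base64 of SHA-1(password + salt) with the salt appended."""
    salt = os.urandom(4) if salt is None else salt  # salt length chosen for this example
    return "{SSHA}" + b64(hashlib.sha1(password.encode("utf-8") + salt).digest() + salt)

def ldif_value(line):
    """Return the userPassword value from one LDIF line.

    'userPassword:: ...' (two colons) means the value is Base64 in the LDIF file.
    """
    name, sep, rest = line.partition(":")
    if name.strip().lower() != "userpassword" or not sep:
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip(), validate=True).decode("ascii")
    return rest.strip()

def verify(stored, candidate):
    """Check a candidate password against a '{scheme}base64' value."""
    scheme, sep, encoded = stored.partition("}")
    if not (scheme.startswith("{") and sep):
        raise ValueError("no {scheme} prefix")
    raw = base64.b64decode(encoded, validate=True)
    pw = candidate.encode("utf-8")
    scheme = scheme[1:].upper()  # the post writes both {md5} and {MD5}
    if scheme == "MD5":
        return hmac.compare_digest(hashlib.md5(pw).digest(), raw)
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    raise ValueError("unsupported scheme: " + scheme)

if __name__ == "__main__":
    # Constructed sample: an LDIF line carrying a freshly hashed value.
    stored = hash_ssha("newpassword")
    line = "userPassword:: " + b64(stored.encode("ascii"))
    print(stored, verify(ldif_value(line), "newpassword"))
```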

Good luck to you with LDAP :)