Q&A: Can I Copy a User Password From LDAP to UCS-LDAP?

Question:

Can I copy a user password from OpenLDAP to UCS-LDAP?

Answer:

Yes, this is possible.

Step 1

Create an LDIF file with the password hash on your source OpenLDAP server:

Create an LDIF file that replaces the password hash of testuser2 with the password hash of testuser1:

#testuser.ldif
dn: uid=testuser,cn=users,dc=intranet,dc=example,dc=org
changetype: modify
replace: userPassword
userPassword: {crypt}$6$65JTqZlPijyrL/y8$4lwxEw6BbJ5EOfFg1HubE88b6AtfJvUh16aWFzVY5JlFSmQzcDYmtG1jWT8bJLKpsYPau/WKB6.xMQ/RjGeHa1

Step 2

Import the ldif file to UCS LDAP:

root@ucs-dst:~# ldapmodify -D cn=admin,$(ucr get ldap/base) -y /etc/ldap.secret -f testuser.ldif
modifying entry "uid=testuser,cn=users,dc=intranet,dc=example,dc=org"

Step 3

Verify that the password is set as desired:

root@ucs-dst:~# univention-ldapsearch -LLLo ldif-wrap=no uid=testuser userPassword | ldapsearch-decode64
dn: uid=testuser,cn=users,dc=intranet,dc=example,dc=org
userPassword: {crypt}$6$65JTqZlPijyrL/y8$4lwxEw6BbJ5EOfFg1HubE88b6AtfJvUh16aWFzVY5JlFSmQzcDYmtG1jWT8bJLKpsYPau/WKB6.xMQ/RjGeHa1

The output should show the same crypt hash that was written to the LDIF file.
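
Step 1 can be scripted when the hash comes from an ldapsearch export on the source server, where userPassword is printed base64-encoded ("userPassword::"), which is why step 3 pipes through ldapsearch-decode64. The following Python code is an added example, not part of the original article: the function names and the sample hash are constructed for illustration, and refusing values without a {scheme} prefix is an assumption made here.

```python
import base64
import re

SCHEME = re.compile(r"^\{[A-Za-z0-9_-]+\}.+", re.S)  # e.g. {crypt}..., {SSHA}...

def parse_export(ldif_text):
    """Return (dn, userPassword) from one `ldapsearch -LLL` entry."""
    # Undo LDIF line folding: a continuation line starts with one space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    attrs = {}
    for line in unfolded.splitlines():
        m = re.match(r"^(dn|userPassword)(::?) ?(.*)$", line, re.I)
        if not m:
            continue
        name, sep, value = m.groups()
        if sep == "::":  # base64-encoded value, as ldapsearch prints userPassword
            value = base64.b64decode(value).decode("utf-8")
        attrs[name.lower()] = value
    if "dn" not in attrs or "userpassword" not in attrs:
        raise ValueError("entry needs both dn and userPassword")
    return attrs["dn"], attrs["userpassword"]

def build_modify_ldif(dn, pw_hash):
    """Build the 'replace: userPassword' LDIF used in step 1."""
    if not SCHEME.match(pw_hash):
        # No {scheme} prefix means the value is a cleartext password, not a hash.
        raise ValueError("userPassword has no {scheme} prefix; refusing to copy")
    if re.search(r"[^\x20-\x7e]", dn + pw_hash):
        # Such values would need base64 LDIF output, which is not handled here.
        raise ValueError("non-printable or non-ASCII character in value")
    return (f"dn: {dn}\nchangetype: modify\n"
            f"replace: userPassword\nuserPassword: {pw_hash}\n")

# Constructed sample input (not a real hash): ldapsearch output from the source.
SAMPLE_HASH = "{crypt}$6$constructedsalt$constructedhashvalue"
SAMPLE_EXPORT = (
    "dn: uid=testuser,cn=users,dc=intranet,dc=example,dc=org\n"
    "userPassword:: " + base64.b64encode(SAMPLE_HASH.encode()).decode() + "\n"
)

if __name__ == "__main__":
    # Redirect the output to testuser.ldif and import it as shown in step 2.
    print(build_modify_ldif(*parse_export(SAMPLE_EXPORT)), end="")
```

The generated file contains the password hash, so keep it readable by root only and delete it after the import.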
