Udm user password format

I have an existing LDAP userbase and I am trying to migrate it to UCS LDAP. Regarding passwords, what is an acceptable syntax for the password param, i.e.:

udm users/user create .. --set password=<..>

namely, what kind of hashes/crypt inputs are accepted?

Hi,

sorry to say, but for udm only plaintext passwords are acceptable.

So you could set a default password and force your users to change it after login. OR directly write the password into the LDAP directory.

So possibly you could create the user by udm with a default password set and afterwards get the DN of this user and write the crypted password to the corresponding attribute of this user.

/CV

Hey,

to expand on why you cannot simply hand over existing hashes: in UCS domains, passwords are required to be stored in three different places with three different types of hashing:

  • The regular Unix password hashes (LDAP attribute userPassword)
  • The old Windows NT-style hashed password (LDAP attribute sambaNTPassword)
  • The Kerberos password (LDAP attribute krb5Key)

The system can only create (hash with the corresponding algorithm) all of them from the plain text, unencrypted, unhashed password.

Migrating from a system that doesn’t provide all three attributes therefore requires setting new passwords for all users.

Kind regards,
mosu
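
A pre-migration check for the rule in the reply above, as an added example that is not part of the original thread or of UCS's own tooling: it reads an LDIF export of the old directory and reports, per user, which of the three attributes are missing, i.e. who needs a new password set. The sample LDIF, its DNs and placeholder values are constructed, and that the old directory uses these same attribute names is an assumption.

```python
import base64

# The three attributes named in the reply above.
REQUIRED = ("userPassword", "sambaNTPassword", "krb5Key")

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [bytes]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            if rest.startswith(":"):        # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip().encode()
            current.setdefault(name.lower(), []).append(value)
    return entries

def audit(entries):
    """Map each DN to the required attributes that entry lacks."""
    report = {}
    for entry in entries:
        if "dn" in entry:                   # skips the "version: 1" header block
            dn = entry["dn"][0].decode()
            report[dn] = [a for a in REQUIRED if not entry.get(a.lower())]
    return report

# Constructed sample export; the values are placeholders, not real hashes.
_BLOB = base64.b64encode(b"constructed-placeholder").decode()
SAMPLE = f"""version: 1

dn: uid=alice,ou=people,dc=example,dc=org
userPassword:: {_BLOB}
sambaNTPassword: 00000000000000000000000000000000
krb5Key:: {_BLOB}

dn: uid=bob,ou=people,
 dc=example,dc=org
userPassword:: {_BLOB}
"""

if __name__ == "__main__":
    for dn, missing in audit(parse_ldif(SAMPLE)).items():
        print(dn, "->", "needs new password, lacks " + ", ".join(missing) if missing else "has all three")
```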
