[BBLISA] OpenDir, passwd, LDAP and Linux: Oh my!

Edward Ned Harvey bblisa2 at nedharvey.com
Mon Dec 3 19:07:39 EST 2007


> ldapsearch -h ldapserver -b "dc=your,dc=base" -D
> "cn=someuser,ou=People,dc=your,dc=base" "(objectClass=*)" dn -w pass1
> ldapsearch -h ldapserver -b "dc=your,dc=base" -D
> "cn=someuser,ou=People,dc=your,dc=base" "(objectClass=*)" dn -w pass2
> ldapsearch -h ldapserver -b "dc=your,dc=base" -D
> "cn=someuser,ou=People,dc=your,dc=base" "(objectClass=*)" dn -w pass3

Thank you very much for this.  It works for pass1; it doesn't work for pass2
or pass3.

I therefore must conclude that the original password, pass1, is still the
"important" password in the LDAP server.  However, I've already proven that
if I change password on clienta, the new password is also usable on clientb.
So the "passwd" operation must be succeeding in changing one of the hashes,
and failing to change some other hash.

I can only think of 2 possible causes for that:
(a) There's a difference between expected LDAP structures (schema?) in Linux
& Mac.  So the Linux client updates some hash, and doesn't bother trying to
update the one the Mac cares about.
Or
(b) The "passwd" operation isn't atomic (succeeds in updating one hash, fails
to update another).

I'm out of time for today, will have to come back to this later.



