Add manually entries into ldap

Offline

Add manually entries into ldap

Resolved

0 votes

Hello all,
Still on my project to import users from an AD. This works fine ; I can import my users, modify and remove them.

they can connect to the network using their credentials. the only problem I have left is that users can't change their passwords. When importing users from the AD export, paswords are not exported. So, wenn I create the new entries into my COS , I generate a new password. with that, users can login on their MAc computers and connect to the Clearos webconsole to change their password.
but once they are connected to the COS web console, when they are trying to change their password, the have the following error message : password incorrect !
That's very strange because they were able to connect to the web console a few seconds ago with that same password !

I've absolutely no idea what could I do to solve that ... (or maybe another way to allow users to change their password)
If someone has an idea... it's very welcome because my project of importing our students need that to be ready ...
Thanks to all for your help

In Directory / LDAP

Friday, February 28 2020, 03:24 PM

Share this post:

Responses (11)

Accepted Answer
Arnaud Forster

Offline
Monday, March 02 2020, 03:21 PM - #Permalink
Resolved

0 votes

interesting :
using a Mac computer, I was able to open a session using my login /password and then modify the password. The encryption was, this time, made by the mac computer and is :
userPassword: {SSHA}QXaqoyafUB9dlbQb19HlMcOR2FzsNQdk

but again, I then can connect to the COS webconsole but as soon as I'd like to change my password, COS says that the password I give is not correct. it really seems that clearos saves this password somewhere else with another encryption's type ...
The reply is currently minimized Show
Accepted Answer
Arnaud Forster

Offline
Monday, March 02 2020, 02:17 PM - #Permalink
Resolved

0 votes

Here's a printscreen between 2 differents account. The one in the console has beencreated throught the normal webconsole and the second one with my import tool :

For the account created with the normal clearos console, I dont know where are stored the seconde values for the same attribute !

Most of encrypted passwords are the same .. but ..

Attachments:

Differences.png
The reply is currently minimized Show
Accepted Answer
Arnaud Forster

Offline
Monday, March 02 2020, 01:58 PM - #Permalink
Resolved

0 votes

Here's the result :

[root@SRV-COS /]# echo -n test1 | sha1sum | awk '{print $1}'
b444ac06613fc8d63795be9ad0beaf55011936ac

exactly the same than you.
The reply is currently minimized Show
Accepted Answer
Nick Howitt

Offline
Monday, March 02 2020, 01:42 PM - #Permalink
Resolved

0 votes

And what do you get if you try creating the clearSHA1Password with wither the tool I linked to or the cammand I gave? both give me the same value as I see from slapcat.
The reply is currently minimized Show
Accepted Answer
Arnaud Forster

Offline
Monday, March 02 2020, 01:31 PM - #Permalink
Resolved

0 votes

This time I'm lost : If I create a new user from the admin web console, I've 2 entries for some attributes with different values !

[root@SRV-COS /]# slapcat -n3 | grep 'uid: test1' -B 40 -A 20 | grep Password:

clearSHAPassword: {sha}LvwrJ49A1sW6XzKZuqsYl1KgeYY=
clearSHAPassword: {sha}tESsBmE/yNY3lb6a0L6vVQEZNqw=

clearSHA1Password: 2efc2b278f40d6c5ba5f3299baab189752a07986
clearSHA1Password: b444ac06613fc8d63795be9ad0beaf55011936ac

clearMicrosoftNTPassword: 858DF190ACA5EE0080D5C2331FFE69AB
clearMicrosoftNTPassword: AACD12D27C87CAC8FC0B8538AED6F058

sambaNTPassword: 858DF190ACA5EE0080D5C2331FFE69AB

userPassword:: ZTNOb1lYMU1kbmR5U2pRNVFURnpWelpZZWt0YWRYRnpXV3d4UzJkbFdWazk=
userPassword:: e3NoYX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9

If I open my ldap using a web tool, I can see the values in bold... really strange
The reply is currently minimized Show
Accepted Answer
Arnaud Forster

Offline
Monday, March 02 2020, 12:54 PM - #Permalink
Resolved

0 votes

You're right, I can't create the clearSHA1Password with the correct encryption but it doesn't seems it is used in the user password.

When I create a new user from the COS Webconsoke with the password 'test1' I get the following entry in my ldapadmin webtool : (cf joined picture)

userPassword: {sha}tESsBmE/yNY3lb6a0L6vVQEZNqw=

But when asking with your commande, it's completely different :

root@SRV-COS /]# slapcat -n3 | grep 'uid: test1' -B 40 -A 20 | grep Password:
userPassword:: e3NoYX1MdndySjQ5QTFzVzZYektadXFzWWwxS2dlWVk9

I dont understand this difference but my problem could come from there. Now, I need to find which kind of encryption it is. I can create som encryption from my importing tools but not all :

I've the following options to create my passwords : :

static string HASH_MD5
static String HASH_SHA1
static String HASH_SHA256
static String HASH_SHA512

and those others :

computeSambaLMPassword(String password) : Encrypt a password for samba, LMPassword version.
static String computeSambaNTPassword(String password) : Encrypt a password for samba, NTPassword version.
static String encrypt(String value)

thanks very much fo your help

Attachments:

Test1_User.png
The reply is currently minimized Show
Accepted Answer
Nick Howitt

Offline
Monday, March 02 2020, 12:04 PM - #Permalink
Resolved

0 votes

You don't seem to be updating the clearSHA1Password field. You can work it out from places like http://www.sha1-online.com/ or, from the command line:
echo -n YOUR_TEXT | sha1sum | awk '{print $1}'
I've no idea what the clearSHAPassword is but you seem you have cracked that one. I am not sure about your userPassword as mine does not claim to be a hashed entry:
slapcat -n3 | grep 'uid: test1' -B 40 -A 20 | grep Password: userPassword:: e3NoYX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9 clearSHAPassword: {sha}tESsBmE/yNY3lb6a0L6vVQEZNqw= clearSHA1Password: b444ac06613fc8d63795be9ad0beaf55011936ac clearMicrosoftNTPassword: AACD12D27C87CAC8FC0B8538AED6F058 sambaNTPassword: AACD12D27C87CAC8FC0B8538AED6F058
and:
echo -n test1 | sha1sum | awk '{print $1}' b444ac06613fc8d63795be9ad0beaf55011936ac
This is for a user "test1" and password "test1"
The reply is currently minimized Show
Accepted Answer
Arnaud Forster

Offline
Monday, March 02 2020, 11:32 AM - #Permalink
Resolved

0 votes

Hello Nick,
thanks for your answer. So I deleted my user and lauch my import tool again. then, I tried to flush the caches without any success.

Maybe I can ask ClearOS team and offer to solve my problem... because if imported users can't change their password, my entire project will be abandoned

What is reallay strange .. when I try to modify the user password with the ldap admin tool, I can do it but I get the same error when trying to modify it .. I think there's really somehting else than the ldap where the password are stored ..

Anyway thank for your help

Attachments:

LDapAdmintool.png
The reply is currently minimized Show
Accepted Answer
Nick Howitt

Offline
Monday, March 02 2020, 09:59 AM - #Permalink
Resolved

0 votes

Have you tried flushing the caches after an import? I think it is:

nscd -i passwd nscd -i group nscd -i netgroup
I don't know what the netgroup cache is but it exists.

p.s. Gold only really gives you help with features available through the webconfig. Platinum gives you a bit more with file tweaking of existing apps. I think you are looking for full development help.
The reply is currently minimized Show
Accepted Answer
Arnaud Forster

Offline
Monday, March 02 2020, 09:14 AM - #Permalink
Resolved

0 votes

Hello all,

I'm really

I created the same user, once using the webconsole admin and once using my tool. Except one value (clearSH1Password), both entries have the same values (I joined the file).
I made many tests and it seems that this is the attribute "userPassword" that should do the trick. As you can see every userPassword are the same so I dont understand why, when trying to modify my password after a successfull login, I always get the answer 'Invalid password' for my existing password. Then encryption is the same !

to go futher in my project and by the business licence, I need to solve that problem. Maybe bying the business licence could solve that ?

Any idea is very welcome because I really need to solve that as soon as possible ...
Thanks to all from your help
kind regards

Attachments:

LDAPEntryNOTWorking.png

LDAPEntryWorking.png
The reply is currently minimized Show
Accepted Answer
Arnaud Forster

Offline
Monday, March 02 2020, 09:11 AM - #Permalink
Resolved

0 votes

Hello all,

I'm really

I created the same user, once using the webconsole admin and once using my tool. Except one value (clearSH1Password), both entries have the same values (I joined the file).
I made many tests and it seems that this is the attribute "userPassword" that should do the trick. As you can see every userPassword are the same so I dont understand why, when trying to modify my password after a successfull login, I always get the answer 'Invalid password' for my existing password. Then encryption is the same !

to go futher in my project and by the business licence, I need to solve that problem. Maybe bying the business licence could solve that ?

Any idea is very welcome because I really need to solve that as soon as possible ...
Thanks to all from your help
kind regards
The reply is currently minimized Show

Your Reply

Please login to post a reply

You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.

Community Forums

ClearOS Portal

ClearVM Platform

ClearVM 2 Platform

Forums