Re: [Fedora-directory-users] userPassword is base64 encoded

[Andreas Hasenack <ahasenack terra com br>]

Em Terça 07 Junho 2005 21:58, Sævaldur Gunnarsson escreveu:
> I posted the following on the samba-users mailing list:
> --
> 
> I'm switching from OpenLDAP to the newly released Fedora Directory 
> Server (formely known as the Netscape Directory Server) as a LDAP 
> backend for my Samba domain.
> 
> I'm now faced with a problem regarding how Fedora DS handles the 
> userPassword field.
> Unlike OpenLDAP it encodes it in base64 so instead of reading
> userPassword: {SSHA}8FZY4LdYi1f1oA5YgDw/+h/Rmy0mEeyO
> it reads:
> userPassword:: e1NTSEF9OEZaWTRMZFlpMWYxb0E1WWdEdy8raC9SbXkwbUVleU8=

That shouldn't pose a problem by itself. Note the double colons (::), 
indicating that this is base64.

> [2005/06/07 19:27:45, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1731)
>    ldapsam_update_sam_account: failed to modify user with uid = gg, 
> error: Current passwd must be supplied by the user.
>     (Success)

Samba binds to the DS as the admin server and then just attempts to overwrite 
the userPassword attribute (I assume you have ldap sync turned on). It seems 
DS doesn't like it: it requires the current password first. Perhaps there is 
some configuration change that can help.