'[webmin-l] Last few details of LDAP Users and Groups modules'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       webmin-l
Subject:    [webmin-l] Last few details of LDAP Users and Groups modules
From:       Craig White <craigwhite () azapple ! com>
Date:       2004-01-22 18:34:49
Message-ID: 1074796488.21267.15.camel () lin-workstation ! azapple ! com
[Download RAW message or body]

unexpected behavior - perhaps it is me...

I create test user with LDAP Users and Groups... - password testuser,
various parameters and then using ldapsearch...


# ldapsearch -x -h localhost -D 'cn=root,o=Domain,c=US' -W
'(uid=testuser)'

Enter LDAP Password:
version: 2

#
# filter: (uid=testuser)
# requesting: ALL
#

# testuser, People, Domain, US
dn: uid=testuser, ou=People,o=Domain,c=US
sambaProfilePath: \\linserv1\profiles\%U
sambaLogonScript: users-pr.bat
cn: Test User
uidNumber: 1054
sambaPrimaryGroupSID: S-1-5-21-1292501092-333717336-619646970-3000
sambaAcctFlags: [U          ]
mail: testuser@Domainpr.com
sambaLMPassword: 0F20048EFC645D0A944E2DF489A880E4
uid: testuser
sambaHomePath: \\linserv2\homes\%U
homeDirectory: /home/users/testuser
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgperson
objectClass: sambaSamAccount
sambaDomainName: Domain
gidNumber: 1000
sambaSID: S-1-5-21-1292501092-333717336-619646970-3108
sambaNTPassword: D183983EAEA7BE9959C8F4C198ED0E68
sambaHomeDrive: h:
sn: User
givenName: Test
loginShell: /bin/sh
sambaPwdCanChange: 1074795371
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1074795371
userPassword:: e0NSWVBUfSQxJDBaa28vRHR5JFNPOXpNQy5UbHRlMG5FUzRrdi9aSzA=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

***
and it all looks good...

but then I 'edit' testuser with LDAP Users and Groups and leave the password \
unchanged but change another attribute - say the sambaAcctFlags

then I run the ldapsearch again...


# ldapsearch -x -h localhost -D 'cn=root,o=Domain,c=US' -W
'(uid=testuser)'

Enter LDAP Password:
version: 2

#
# filter: (uid=testuser)
# requesting: ALL
#

# testuser, People, Domain, US
dn: uid=testuser, ou=People,o=Domain,c=US
sambaLMPassword: 0F20048EFC645D0A944E2DF489A880E4
sambaNTPassword: D183983EAEA7BE9959C8F4C198ED0E68
sambaPwdCanChange: 1074795371
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1074795371
sambaProfilePath: \\linserv1\profiles\%U
sambaLogonScript: users-pr.bat
cn: Test User
uidNumber: 1054
sambaPrimaryGroupSID: S-1-5-21-1292501092-333717336-619646970-3000
sambaAcctFlags: [UX         ]
mail: testuser@Domainpr.com
userPassword:: e2NyeXB0fXtDUllQVH0kMSQwWmtvL0R0eSRTTzl6TUMuVGx0ZTBuRVM0a3YvWks
 w
uid: testuser
sambaHomePath: \\linserv2\homes\%U
homeDirectory: /home/users/testuser
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgperson
objectClass: sambaSamAccount
sambaDomainName: Domain
gidNumber: 1000
sambaSID: S-1-5-21-1292501092-333717336-619646970-3108
sambaHomeDrive: h:
sn: User
givenName: Test
loginShell: /bin/sh

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

uh oh...the password has changed...

The first time, the password is...
userPassword:: e0NSWVBUfSQxJDBaa28vRHR5JFNPOXpNQy5UbHRlMG5FUzRrdi9aSzA=

the second time the password ends up being...
userPassword:: e2NyeXB0fXtDUllQVH0kMSQwWmtvL0R0eSRTTzl6TUMuVGx0ZTBuRVM0a3YvWks
 w

This means that to edit an existing user, I MUST know the password and re-enter it \
correctly or the user cannot log on to various posix supplied services.

neither the sambaNTPassword nor the sambaLMPassword changed - only the userPassword \
attribute changed.

Is this intended behavior? Is there something wrong with my setup?
RH AS 3 - my slapd.conf appropriate lines would be...
-
password-hash   {crypt}
password-crypt-salt-format      "$1$%.8s"
-
Should I be using MD5 or something else instead of crypt?

Also, one other little 'unintended feature' - admittedly less important to me...

If I manually edit the sambaAcctFlags property...
[UX         ]  - I must remove all the empty spaces in the string or the module will \
not save changes. Even if I make sure that the number of characters & spaces is \
exactly 11

Craig



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
-
Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic