1 Topic by jstewart

  • jstewart
  • Member
  • Offline
  • Registered: 2017-02-10
  • Posts: 102

Topic: create_mail_user_OpenLDAP - passwords

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I have created a csv file to try and import users from an old sendmail system with passwords stored in /etc/shadow

If I modify the userPassword: line in the generated ldif file from:
userPassword: {SSHA}4T5Wen8lsWYbw8kJEWY+FCmIhogKy3yy
to:
userPassword: {crypt}$1$05749264$tdyKfmVhsf0bI8oCD5cp30 (after {crypt} is copied directly from the shadow file:
username:$1$05749264$tdyKfmVhsf0bI8oCD5cp30:17427::::::

everything imports correctly, but the password in LDAP is not SSHA

Is there a way to modify the python script so that if I use the encrypted password from the shadow file, the script will convert it to SSHA and I can have consistency in my LDAP database?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: create_mail_user_OpenLDAP - passwords

jstewart wrote:

userPassword: {crypt}$1$05749264$tdyKfmVhsf0bI8oCD5cp30 (after {crypt} is copied directly from the shadow file:

This is (salted) MD5.

if you can successfully login with imported password, then it's fine. If you want to be SSHA, no way to convert MD5 to SSHA directly, you have to ask users to change password via Roundcube/SOGo/iRedAdmin-Pro.