26.8 Importing Hash Based Passwords Into eDirectory

Passwords can be imported into eDirectory through an LDIF file as DIGEST-MD5, crypt, SHA, and SSHA hashes. Perform the following steps to import MD5 hash-based passwords into eDirectory:

  1. Create an MD5 hash in base64 format using the following command:

    echo -n <password> | openssl md5 -binary | base64

    NOTE: eDirectory supports hash-based passwords only in base64 format.

  2. Add the text returned by the command in step 1 to an LDIF file, as shown in the following example:

    dn: cn=sp1,o=novell
    control: 2.16.840.1.113719.
    changetype: modify
    replace: userPassword
    userPassword: {md5}CSbJUP4kfDtGXrE+JY7kaNI5oGU=

    NOTE: Ensure that there is no password policy applied to the user that is modified via the LDIF file.

  3. Add the following variables to the pre_ndsd_start script and restart eDirectory. By default the script is located at /opt/novell/eDirectory/sbin.

  4. Install both the Simple Password and DIGEST-MD5 NMAS methods, and make the Simple Password method the default method.

  5. Use ice with the -l option for the LDAP destination handler using the following command:

    ice -S LDIF -f ./change_pass.ldiff -D LDAP -s -p 636 -d cn=admin,o=novell -w n -l -L /var/opt/novell/eDirectory/data/SSCert.der
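Steps 1 and 2 for a batch of users, as an added example that is not part of the eDirectory documentation: it computes the same base64 MD5 value as the openssl pipeline, writes the modify record in the layout shown in step 2, and checks an LDIF file for `{md5}` values that are not valid base64 of a 16-byte digest before it is handed to ice. All function names are hypothetical, and the control value is an assumption that the caller must supply.

```python
import base64
import binascii
import hashlib


def md5_userpassword(password: str) -> str:
    """Same value as: echo -n <password> | openssl md5 -binary | base64"""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{md5}" + base64.b64encode(digest).decode("ascii")


def is_valid_md5_value(value: str) -> bool:
    """True only for {md5} followed by strict base64 of exactly 16 bytes."""
    if not value.lower().startswith("{md5}"):
        return False
    try:
        raw = base64.b64decode(value[5:], validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) == 16  # a raw MD5 digest is always 16 bytes


def ldif_record(dn: str, password: str, control_oid: str) -> str:
    """One modify record in the layout of step 2 (control_oid is caller-supplied)."""
    # A line break in either field would let input inject extra LDIF lines.
    # Non-ASCII DNs need the base64 "dn::" form, which is not handled here.
    for field in (dn, control_oid):
        if not field or any(not 0x20 <= ord(c) <= 0x7E for c in field):
            raise ValueError("field must be non-empty printable ASCII")
    return "\n".join([
        f"dn: {dn}",
        f"control: {control_oid}",
        "changetype: modify",
        "replace: userPassword",
        f"userPassword: {md5_userpassword(password)}",
        "",
    ]) + "\n"


def bad_md5_lines(ldif_text: str) -> list:
    """Line numbers whose {md5} userPassword value is not a valid MD5 hash."""
    bad = []
    for number, line in enumerate(ldif_text.splitlines(), 1):
        name, _, value = line.partition(": ")
        if name.lower() == "userpassword" and value.lower().startswith("{md5}"):
            if not is_valid_md5_value(value):
                bad.append(number)
    return bad
```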