Passwords can be imported into eDirectory via an LDIF in DIGEST-MD5, crypt, SHA, and SSHA hash. Perform the following steps to import the MD5 hash based passwords into eDirectory:
Create a MD5 hash in base64 format using the following command:
echo -n <password> | openssl md5 -binary | base64
NOTE:eDirectory supports hash based passwords only in base64 format.
Add the text which is returned while creating the MD5 hash in an LDIF file as shown in the below example:
dn: cn=sp1,o=novell control: 2.16.840.1.113719.1.27.101.5 changetype: modify replace: userPassword userPassword: {md5}CSbJUP4kfDtGXrE+JY7kaNI5oGU=
NOTE:Ensure that there is no password policy applied to the user that is modified via the LDIF file.
Add the following variables to the pre_ndsd_start script and restart eDirectory. By default the script is located at /opt/novell/eDirectory/sbin.
NDSD_TRY_NMASLOGIN_FIRST=true export NDSD_TRY_NMASLOGIN_FIRST
Install both Simple Password and DIGEST-MD5 NMAS methods and make the Simple Password method as the default method.
Use ice with the -l option for the LDAP destination handler using the following command:
ice -S LDIF -f ./change_pass.ldiff -D LDAP -s 164.99.163.236 -p 636 -d cn=admin,o=novell -w n -l -L /var/opt/novell/eDirectory/data/SSCert.der