首先,我是 OpenLDAP 设置的新手。我遵循了以下说明:
HowToForge.com Linux OpenLDAP 设置
#root
dn: dc=localhost,dc=com
dc: localhost
objectClass: dcObject
objectClass: organizationalUnit
ou: rootObject
ou: localhost.com
dn: ou=People,dc=localhost,dc=com
ou: People
objectClass: organizationalUnit
dn: uid=root,ou=People,dc=localhost,dc=com
uid: root
cn: Manager
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword {crypt}$6$l4IzdQnUVegcZdxH$L3winJgau4xxFBcvXgg2dzLs0eQ.8LS9rKWx6DeV/JPNnCZW6i9oCS/9rCtAzrdCie3qrgSMYvz4zKhJXIwcL1
shadowLastChange: 15792
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root
dn: uid=operator,ou=People,dc=localhost,dc=com
uid: operator
cn: operator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
shadowLastChange: 15628
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 11
gidNumber: 0
homeDirectory: /root
gecos: operator
dn: uid=adam,ou=People,dc=localhost,dc=com
uid: adam
cn: adam
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$oZVvz21C$HCHh90xQhCYN.9YCHG7P3d.y7Kx3Od6qkBjJy.S0QDSh57STBPJyHjxhuBbe73BB0QGFqj86JqnJCe3HqCJmD.
shadowLastChange: 15806
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 502
gidNumber: 502
homeDirectory: /home/adam
dn: uid=eve,ou=People,dc=localhost,dc=com
uid: eve
cn: eve
......
当我使用命令导入此 ldif 文件中包含的所有用途时:
slapadd -n 2 -l /etc/openldap/localhost.com.ldif
我没有遇到任何错误。
然后我使用 JXplorer 确认所有对象都位于 localhost.com 下的 LDAP 树中。
但是当我尝试对 LDAP 用户进行身份验证时,应用程序总是会反馈用户密码不正确?这是为什么呢?
是不是因为这个 ldif 中定义了“hased/shadowed”密码?我应该改用普通密码吗?
另外,我无法从 JXploprer GUI 内部修改用户密码,因为它抱怨:
“无法执行修改操作”...
我发现这一定与我的 slapd.conf 有关。比如我无法修改用户密码。有没有办法在 slapd.conf 中解决这个问题?
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=localhost,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=localhost,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}ITG/tKlnULV84uCPuZRVUoSvKpqKTwjB
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
提前谢谢了
答案1
您如何散列您的密码?
userPassword {crypt}$6$l4IzdQnUVegcZdxH$L3winJgau4xxFBcvXgg2dzLs0eQ.8LS9rKWx6DeV/JPNnCZW6i9oCS/9rCtAzrdCie3qrgSMYvz4zKhJXIwcL1
看起来哈希值是错误的。它应该短得多。不久前我遇到了类似的事情,并通过在我的加密函数中添加随机盐来解决。