I need to migrate legacy directory-like MySQL data to a new LDAP database. Not much hassle except for the passwords. They are stored as SHA-1 in the MySQL database (I checked: I can generate them by running echo -n "cleartextpassword" | openssl dgst -sha1).
The problem is I fail to import them in our openldap server.
I'm afraid there might be two problems here.
First, an encryption / encoding problem: is this SHA-1 encoding usable as such in LDAP at all?
Second, an interface problem: when I use ldapadd or ldapmodify to enter/update the userPassword field, the data provided in the LDIF file is re-encrypted. Is it possible to somehow bypass this problem?
Thanks in advance
Best Answer
I finally got it, after a lot of trials.
The sha1 strings I have are so-called hex-digest. To get them into openldap, I first need to convert them back to binary sha1 digest and then base64 encode them.
On the command line one could do that with:
Then the resulting string should be inserted in the ldif file this way:
For those interested, this could be done in Python this way:
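The conversion the answer describes (hex SHA-1 digest decoded back to its 20 raw bytes, base64-encoded, and prefixed with the {SHA} scheme tag that OpenLDAP expects in userPassword), as an added worked example in Python. This is not the answer's own code: the sample digest is constructed inline by hashing "cleartextpassword" with hashlib, standing in for a value read from the MySQL table, the DN uid=jdoe,ou=people,dc=example,dc=com is a placeholder, and the function names are illustrative. Beyond the plain conversion it also builds an ldapmodify change record and verifies a candidate password against a stored value, covering the salted {SSHA} scheme as well so the difference between the two formats is visible.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample input: the hex digest that
# `echo -n "cleartextpassword" | openssl dgst -sha1` prints, computed here
# with hashlib so the example runs offline with no database.
SAMPLE_HEXDIGEST = hashlib.sha1(b"cleartextpassword").hexdigest()


def hexdigest_to_ldap_sha(hexdigest: str) -> str:
    """Turn a 40-character hex SHA-1 digest into OpenLDAP's {SHA} userPassword form.

    {SHA} is base64 of the raw 20-byte digest, not of the hex text, so the
    hex string has to be decoded back to bytes first.
    """
    hexdigest = hexdigest.strip().lower()
    if len(hexdigest) != 40:
        raise ValueError("SHA-1 hex digest must be exactly 40 hex characters")
    try:
        raw = binascii.unhexlify(hexdigest)
    except binascii.Error as exc:
        raise ValueError("digest is not a hex string") from exc
    return "{SHA}" + base64.b64encode(raw).decode("ascii")


def ldif_modify_entry(dn: str, hexdigest: str) -> str:
    """Build an ldapmodify change record that replaces userPassword with the converted value.

    The {SHA} value is plain ASCII, so the single-colon form is enough; the
    double-colon (base64) LDIF form would also be accepted.
    """
    lines = [
        f"dn: {dn}",
        "changetype: modify",
        "replace: userPassword",
        f"userPassword: {hexdigest_to_ldap_sha(hexdigest)}",
        "",  # blank line terminates the record
    ]
    return "\n".join(lines) + "\n"


def verify_password(stored: str, candidate: str) -> bool:
    """Check a cleartext candidate against a stored {SHA} or {SSHA} value.

    {SHA}:  base64( sha1(password) )
    {SSHA}: base64( sha1(password + salt) + salt ), salt = everything after byte 20
    Comparison is constant-time via hmac.compare_digest.
    """
    if stored.startswith("{SHA}"):
        digest = base64.b64decode(stored[len("{SHA}"):])
        if len(digest) != 20:
            return False
        expected = hashlib.sha1(candidate.encode("utf-8")).digest()
        return hmac.compare_digest(digest, expected)
    if stored.startswith("{SSHA}"):
        blob = base64.b64decode(stored[len("{SSHA}"):])
        if len(blob) < 20:
            return False
        digest, salt = blob[:20], blob[20:]
        expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
        return hmac.compare_digest(digest, expected)
    raise ValueError("unsupported userPassword scheme")


def make_ssha(password: str, salt: bytes) -> str:
    """Produce an {SSHA} value from a known cleartext and salt.

    Included to exercise the salted branch of verify_password. An existing
    unsalted hex digest cannot be upgraded to {SSHA}: the cleartext is needed.
    """
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


if __name__ == "__main__":
    # Placeholder DN; substitute the real entry's DN from the migrated data.
    print(ldif_modify_entry("uid=jdoe,ou=people,dc=example,dc=com", SAMPLE_HEXDIGEST))
```

Two things worth checking before running the import against the server. First, a userPassword value written with ldapadd or ldapmodify is stored verbatim by slapd; the password-hash directive only governs the Password Modify extended operation, and only the ppolicy overlay's hash-cleartext option rewrites cleartext values on add or modify, so a value that already carries the {SHA} prefix goes in unchanged and that is where to look if values appear to be re-hashed. Second, {SHA} is unsalted SHA-1, so it is only a transitional format: once users authenticate successfully, the entry can be moved to a salted scheme, which verify_password above shows the layout of for {SSHA}.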