December 19, 2016 at 12:24 pm #14885 sharad.jash Participant
Hi Forgerock team,
I’m trying to import users from one open-dj server to another. For that I have imported all user data in LDIF and am trying to import them, but while doing so I encountered that I’m unable to use the same password that I have in the previous server.
I have done the following changes before importing.
1. In default password policy – allow-pre-encoded-passwords: true
ldapmodify -p 1389 -D "cn=Directory Manager" -w password
Later I read some blogs saying that Open-DJ does some base64 encoding while importing passwords.
December 19, 2016 at 1:08 pm #14891 Ludo Moderator
Could you please be more explicit with the problem you are encountering?
What do you mean by “unable to use the same password”?
December 19, 2016 at 1:30 pm #14892 sharad.jash Participant
I meant that, for example, user1 has the password user123 in an encrypted format (as shown earlier).
So when I’m importing user1 into the second server with that pre-encoded password, it is not accepting that password.
The encoded password is different in both the systems.
I hope you are able to get what I’m saying.
Thanks for help…
December 19, 2016 at 2:24 pm #14898 Ludo Moderator
How is the encoded password different?
How do you authenticate?
Have you checked the server’s access logs for the authentication attempt? What is the exact error message?
December 20, 2016 at 1:30 pm #14946 Bill Nelson Participant
You don’t mention how you are setting the allow-pre-encoded-passwords attribute to true in the password policy. Keep in mind that you cannot simply edit the config.ldif file and make this change (if that is how you are doing it).
I can tell you that you are on the right track, however, and using the dsconfig command to set this attribute works just fine. I have used the following many many times to move hashed passwords from one LDAP server to another.
/path/to/opendj/bin/dsconfig set-password-policy-prop --policy-name "Default Password Policy" --set allow-pre-encoded-passwords:true --hostname localhost --port 4444 --bindDN cn="Directory Manager" --bindPassword password --trustAll --no-prompt
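An added example, not part of the original thread: a Python check that compares userPassword values between an LDIF export from the source server and one from the target, assuming the Salted SHA-1 ({SSHA}) storage scheme. The DN, salts and LDIF snippets are constructed sample data; a `userPassword::` line is only LDIF's base64 transport encoding (RFC 2849) of the stored `{SSHA}...` string, so it has to be decoded before the two servers' values are compared.

```python
import base64
import hashlib
import hmac
import re

def make_ssha(password, salt):
    """{SSHA} layout: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def stored_passwords(ldif_text):
    """Map dn -> userPassword value as the server stores it."""
    out, dn = {}, None
    unfolded = re.sub(r"\r?\n ", "", ldif_text)    # undo RFC 2849 line folding
    for line in unfolded.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:: "):   # '::' marks a base64 value
            out[dn] = base64.b64decode(line[15:]).decode()
        elif line.startswith("userPassword: "):
            out[dn] = line[14:]
    return out

def scheme(value):
    m = re.match(r"\{([^}]+)\}", value)
    return m.group(1).upper() if m else None       # None: not pre-encoded

def verify_ssha(value, password):
    raw = base64.b64decode(value[6:])              # strip the "{SSHA}" prefix
    digest, salt = raw[:20], raw[20:]              # SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def changed_on_import(source_ldif, target_ldif):
    """DNs whose stored value differs between the two exports."""
    src, dst = stored_passwords(source_ldif), stored_passwords(target_ldif)
    return sorted(dn for dn in src if dst.get(dn) != src[dn])

# Constructed sample data: user1 / user123 as in the thread, fixed salts.
DN = "uid=user1,ou=people,dc=example,dc=com"
SRC_VALUE = make_ssha("user123", b"\x01\x02\x03\x04\x05\x06\x07\x08")
SOURCE = f"dn: {DN}\nuserPassword:: {base64.b64encode(SRC_VALUE.encode()).decode()}\n"
TARGET_OK = f"dn: {DN}\nuserPassword: {SRC_VALUE}\n"   # hash kept byte-for-byte
# Hypothetical failure case: the imported string was hashed again as cleartext.
REHASHED = make_ssha(SRC_VALUE, b"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10")
TARGET_BAD = f"dn: {DN}\nuserPassword: {REHASHED}\n"

if __name__ == "__main__":
    print(changed_on_import(SOURCE, TARGET_OK), changed_on_import(SOURCE, TARGET_BAD))
```

If `changed_on_import` reports a DN, the hash was altered somewhere between export and import, and the original password can no longer verify against the target's stored value.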