LDAP Synchronization

Robert Colquhoun robert.colquhoun at gmail.com
Sun Jun 17 00:20:41 MDT 2012


Following up my own post:

On Sat, Jun 16, 2012 at 4:36 PM, Robert Colquhoun
<robert.colquhoun at gmail.com> wrote:
> At the moment can only change the password if I have clear text.
> Looking at the code it seems to do some kind of switch if the first
> character is a " then assumes a plain text password follows otherwise
> some kind of hash is assumed.

> i.e. it has converted my plain text password input into something else,
> what exactly? And is it compatible in any way with the previous
> 'sambaNTPassword' that samba3/ldap systems use?

The unicodePwd appears to be the same hash as for sambaNTPassword in
samba3 ldap, just using base64 encoding rather than direct hex
printing of the value previously.

Cannot seem to set it though by specifying the hash value directly; if
I try with ldbmodify of the previous example I get back:

ERR: (Unwilling to perform) "setup_io: it's not allowed to set the NT
hash password directly'"

Looking at the source it seems to want the
"DSDB_CONTROL_PASSWORD_HASH_VALUES_OID" value enabled somehow, not
sure how to do this.

Thanks for any assistance.

- Robert
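
The encoding relationship the post describes (the same 16 hash bytes, printed as hex for sambaNTPassword and as base64 for unicodePwd) can be checked when comparing records from the two systems. This is an added example, not part of the original post and not Samba code; the LDIF records, the placeholder hash bytes and all function names are constructed for illustration.

```python
import base64
import binascii
import hmac

NT_HASH_LEN = 16  # an NT hash is 16 raw bytes

# Constructed sample records; the bytes 00..0F are a placeholder, not a real hash.
SAMBA3_LDIF = """dn: uid=alice,ou=People,dc=example,dc=com
sambaNTPassword: 000102030405060708090A0B0C0D0E0F
"""
SAMBA4_LDIF = """dn: CN=alice,CN=Users,DC=example,DC=com
unicodePwd:: AAECAwQFBgcICQoLDA0ODw==
"""


def _check_len(raw: bytes) -> bytes:
    if len(raw) != NT_HASH_LEN:
        raise ValueError(f"expected {NT_HASH_LEN} bytes, got {len(raw)}")
    return raw


def hex_to_b64(hex_value: str) -> str:
    """Hex text (sambaNTPassword style) -> base64 text (as printed for unicodePwd)."""
    return base64.b64encode(_check_len(binascii.unhexlify(hex_value.strip()))).decode("ascii")


def b64_to_hex(b64_value: str) -> str:
    """Base64 text -> upper-case hex text."""
    return _check_len(base64.b64decode(b64_value.strip(), validate=True)).hex().upper()


def ldif_attr(ldif: str, name: str):
    """Return (value, is_base64) for the first `name` attribute in an LDIF record."""
    for line in ldif.splitlines():
        key, sep, rest = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            # LDIF marks base64 values with a double colon ("attr:: value").
            return (rest[1:].strip(), True) if rest.startswith(":") else (rest.strip(), False)
    raise KeyError(name)


def same_hash(samba3_ldif: str, samba4_ldif: str) -> bool:
    """True if both records carry the same 16 hash bytes in their two encodings."""
    hex_value, _ = ldif_attr(samba3_ldif, "sambaNTPassword")
    pwd_value, is_b64 = ldif_attr(samba4_ldif, "unicodePwd")
    if not is_b64:
        raise ValueError("unicodePwd is expected in base64 ('::') form")
    old = _check_len(binascii.unhexlify(hex_value))
    new = _check_len(base64.b64decode(pwd_value, validate=True))
    return hmac.compare_digest(old, new)  # constant-time comparison of secrets
```
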

