User password hash migration Legacy LDAP to CA Directory - Siteminder


Article ID: 256365


Products

SITEMINDER

Issue/Introduction

Users are being migrated from the Legacy LDAP system to the CA Directory LDAP User Directory to work with Policy Server.

The Legacy LDAP system has logic to retrieve the passwords in plain text.

How can the passwords be hashed before they are imported into the CA Directory LDAP User Directory?

 

Resolution

 

Policy Server doesn't handle the hashing of the password; the CA Directory LDAP Store does handle it.

The only data Policy Server encrypts is the password blob (1).

After importing the users with their passwords into the new User Store, run ldapsearch from the command line on the Policy Server to bind as the user, and check whether the command succeeds:

  # ldapsearch -b "base_dn" -x -D "user_dn" -w password -h ldapserver_ip:port -s sub 'users_attribute'

Example:

  # ldapsearch -b "cn=Users,dc=example,dc=com" -x -D "cn=<Username>,cn=Users,dc=example,dc=com" -w <Password> -h XXX.XXX.X.XXX:<Port> -s sub 'cn=<Username>'
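The bind test above shows that an imported password works, but not how it is stored. The following Python is an added example, not part of the original article or of SiteMinder or CA Directory: it reads LDIF such as ldapsearch output and reports the storage scheme of each userPassword value. It assumes the bound account may read userPassword and that hashed values come back in the RFC 2307 `{SCHEME}value` form; the sample LDIF is constructed.

```python
import base64
import re

# RFC 2307 style prefix, e.g. {SSHA} (assumed format of the returned value)
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")

def unfold(ldif_text):
    """Join LDIF continuation lines (lines that start with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def password_schemes(ldif_text):
    """Map each entry DN to its userPassword scheme, or 'CLEARTEXT'."""
    result, dn = {}, None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None                      # a blank line ends the entry
            continue
        name, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue                       # comment or non-attribute line
        # "attr:: value" is base64-encoded, "attr: value" is literal
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        if name.lower() == "dn":
            dn = value.decode("utf-8", "replace")
        elif name.lower() == "userpassword" and dn is not None:
            m = SCHEME_RE.match(value)
            result[dn] = m.group(1).decode().upper() if m else "CLEARTEXT"
    return result

# Constructed sample: the {SSHA} payload is filler, not a real hash.
_b64 = base64.b64encode(b"{SSHA}" + b"A" * 28).decode()
SAMPLE_LDIF = (
    "dn: cn=alice,cn=Users,dc=example,dc=com\n"
    "userPassword:: " + _b64[:20] + "\n " + _b64[20:] + "\n\n"
    "dn: cn=bob,cn=Users,dc=example,dc=com\n"
    "userPassword: Plaintext-Example-1\n"
)

if __name__ == "__main__":
    print(password_schemes(SAMPLE_LDIF))
```

Any entry reported as CLEARTEXT was stored without a recognizable scheme prefix and should be checked against the directory's password storage configuration.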

 

Additional Information

 

(1)

    Password Data blob when migrating User Directory data to a new store