Perl

  • userPassword not displaying


    Hello All,
    I am trying to retrieve all of the user attributes of an LDAP user.
    When I run the following command, I get back all of the user attributes
    except the userPassword field:
    ldapsearch -x -b 'uid=user100,cn=MyGroup,dc=ftp,dc=mylocaldomain,dc=org'
    will return the following:
    dn: uid=user100,cn=MyGroup,dc=ftp,dc=mylocaldomain,dc=org
    uid: user100
    cn: MyGroup
    sn: user100
    uidNumber: 8872
    gidNumber: 881
    homeDirectory: /ftpusers/user100
    objectClass: person
    objectClass: Person
    objectClass: top
    objectClass: posixAccount
    objectClass: shadowAccount
    Any suggestions?
    Thank you,
  • No.1 | | 1593 bytes | |

    It's a security/access problem.

    You need to bind to the server in order to view the userPassword.

    Try binding with some account, and you will see the userPassword field, for
    example:

    ldapsearch -x -W -D "uid=myuid,ou=People,dc=programapuente,dc=cl" "(uid=myuid)" userPassword

    Here you give the Distinguished Name to bind:
    -D "uid=myuid,ou=People,dc=programapuente,dc=cl"

    And the criteria to search:
    "(uid=myuid)"

    The field to return (optional).
    userPassword

    You can connect as manager if you wish.
    For me it's ok not to show the password to anybody, even if it's encrypted.

    Hans

    29 Nov 2006 20:19:20 -0800, lancerset wrote
    Hello All,

    I am trying to retrieve all of the user attributes of an LDAP user.
    When I run the following command, I get back all of the user attributes
    except the userPassword field:

    ldapsearch -x -b 'uid=user100,cn=MyGroup,dc=ftp,dc=mylocaldomain,dc=org'

    will return the following:

    dn: uid=user100,cn=MyGroup,dc=ftp,dc=mylocaldomain,dc=org
    uid: user100
    cn: MyGroup
    sn: user100
    uidNumber: 8872
    gidNumber: 881
    homeDirectory: /ftpusers/user100
    objectClass: person
    objectClass: Person
    objectClass: top
    objectClass: posixAccount
    objectClass: shadowAccount

    Any suggestions?
    Thank you,

    Hans Christian Poo Rocco, Gerente General WeLinux.S.A.
    : 672.93.18, Cel: 09-319.93.05, hans (AT) welinux (DOT) cl, http://www.welinux.cl
    Nataniel Cox # 210 56, Santiago de Chile
  • No.2 | | 1757 bytes | |

    Thank you for the response. One more question: how can I disable
    binding so any user can access the userPassword attribute?

    Thank you,

    Hans Poo wrote:
    It's a security/access problem.

    You need to bind to the server in order to view the userPassword.

    Try binding with some account, and you will see the userPassword field, for
    example:

    ldapsearch -x -W -D "uid=myuid,ou=People,dc=programapuente,dc=cl" "(uid=myuid)" userPassword

    Here you give the Distinguished Name to bind:
    -D "uid=myuid,ou=People,dc=programapuente,dc=cl"

    And the criteria to search:
    "(uid=myuid)"

    The field to return (optional).
    userPassword

    You can connect as manager if you wish.
    For me it's ok not to show the password to anybody, even if it's encrypted.

    Hans

  • No.3 | | 2485 bytes | |

    I've not done so, but please take a look at the various access directives in
    slapd.conf. Actually my slapd.conf has this ACL:

    access to attr=userPassword
        by self write
        by anonymous auth
        by * none

    I guess if you play a while with this, you're going to find the answer.

    With respect to the other comments: The passwords are not encrypted, they are
    hashed with some "one way hash algorithm": they can't be unencrypted.

    Hans

    30 Nov 2006 13:02:28 -0800, lancerset wrote
    Thank you for the response. One more question: how can I disable
    binding so any user can access the userPassword attribute?

    Thank you,


    Hans Christian Poo Rocco, Gerente General WeLinux.S.A.
    : 672.93.18, Cel: 09-319.93.05, hans (AT) welinux (DOT) cl, http://www.welinux.cl
    Nataniel Cox # 210 56, Santiago de Chile
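
Added example (not part of the thread and not OpenLDAP code): a Python model of how slapd picks an access level from the by-clauses of the ACL quoted in the last reply, showing why the anonymous search in the question gets no userPassword back while a bound user can see their own. The function names are made up for this illustration, and it assumes only the who forms `*`, `anonymous`, `users` and `self` and plain level keywords.

```python
import re

# OpenLDAP access levels, lowest to highest; each level includes the ones before it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The ACL quoted in the post (by-clauses indented as slapd.conf continuation lines).
POSTED_ACL = """\
access to attr=userPassword
    by self write
    by anonymous auth
    by * none
"""

def parse_by_clauses(conf):
    """Return [(who, level), ...] of the userPassword ACL, in file order."""
    clauses, in_acl = [], False
    for line in conf.splitlines():
        if re.match(r"access\s+to\s+attrs?=userPassword\b", line):
            in_acl = True
        elif in_acl and (m := re.match(r"\s+by\s+(\S+)\s+(\S+)", line)):
            clauses.append((m.group(1), m.group(2)))
        elif line.strip() and not line[0].isspace():
            in_acl = False  # next unindented directive ends this ACL
    return clauses

def who_matches(who, client_dn, entry_dn):
    """Simplified <who> matching; client_dn is None for an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return client_dn is None
    if who == "users":
        return client_dn is not None
    if who == "self":
        return client_dn is not None and client_dn.lower() == entry_dn.lower()
    return False

def effective_access(clauses, client_dn, entry_dn):
    """The first matching by-clause decides; no match at all means 'none'."""
    for who, level in clauses:
        if who_matches(who, client_dn, entry_dn):
            return level
    return "none"

def can_read(level):
    """True if the level lets a search return the attribute value."""
    return LEVELS.index(level) >= LEVELS.index("read")

def anonymous_can_read_password(conf, entry_dn):
    """Audit check: does an unauthenticated search get userPassword back?"""
    return can_read(effective_access(parse_by_clauses(conf), None, entry_dn))
```

With the posted ACL an anonymous client ends up at `auth`, which lets the server check a password during a bind but never return the attribute. Run against a configuration file, `anonymous_can_read_password` flags a rule that would hand password hashes to any unauthenticated client.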
