LinkBack URL
About LinkBacks
Import MD5 Hashes into Zimbra LDAP Directory
Hello everyone:
I'm trying to migrate my old postfix users' passwords hashed in MD5 to Zimbra CS 7.0. I'm able to view the postfix's passwords with this simple sql query:
I read this:mysql> select Username, Password from postfix.mailbox;
+-----------------------------+----------------------------------+
|⠀Username⠀⠀⠀⠀⠀⠀|⠀Password⠀⠀⠀⠀⠀⠀⠀⠀⠀|
+-----------------------------+----------------------------------+
|⠀mailadmin@mydomain.com⠀⠀⠀| db77e4a763ec5b10bd818a39XXXXc7bd⠀|
|⠀user1@mydomain.com⠀⠀⠀⠀⠀⠀| 6473275beXXXXd628855e20736b9aeb6⠀|
etc...
Password Migration - Zimbra :: Wiki
And I executed a simple "modify account" on a user:
But it didn't work, after read some related threads i executed:zmprov ma mailadmin@mydomain.com userPassword '{crypt}db77e4a763ec5b10bd818a39XXXXc7bd'
It failed again. So I had to go deeper into, using ldapsearch and ldapmodify:zmprov ma mailadmin@mydomain.com userPassword '{MD5}db77e4a763ec5b10bd818a39XXXXc7bd'
It gave me:/opt/zimbra/openldap/bin/ldapsearch -H ldap://mail.mydomain.com l -D uid=zimbra,cn=admins,cn=zimbra -x -w <my-pass> | grep -A 10 mailadmin
I changed it with:...
userPassword:: ADfdsafaSGFASQ== (a base 64 value with {SSHA})
Now, the userPassword says:/opt/zimbra/openldap/bin/ldapmodify -x -h mail.mydomain.com -D "uid=zimbra,cn=admins,cn=zimbra" -w <mypass>
dn: uid=mailadmin,ou=people,dc=mydomain,dc=com
changetype: modify
replace: userPassword
userPassword: {MD5}db77e4a763ec5b10bd818a39XXXXc7bd
modifying entry "uid=mailadmin,ou=people,dc=mydomain,dc=com"
Please note that "::" means that the value is written in Base64. The above text says: {MD5}db77e4a763ec5b10bd818a39XXXXc7bd, that looks gooduserPassword:: e01ENX1kYjc3ZTRhNzYzZWM1YjEwYmQ4MThhMzlYWFhYYzdiZA ==
But the problem is not solved. I need to import all those MD5 hashes into the LDAP directory. I've read and tried some methods like putting "password-hash {MD5}" into slapd.conf and so, but it isn't working.
What can I do? Thanks in advance.
Best Regards.
codeN_
P.S: user accounts, the domain and the hashes had been modified because of privacy issues.
