How to change the NMAS Simple Password with LDAP
(Last modified: 30Oct2003)
This document (10066348) is provided subject to the disclaimer at the end of this document.
goal
How to change the NMAS Simple Password with LDAP
fact
Native File Access Pack (NFAP) for NetWare 6.0
Native File Access Pack (NFAP) for NetWare 5.1
fix
The simple password is set by modifying the 'userpassword' attribute and attaching the Simple Password control
(defined as 2.16.840.1.113719.1.27.101.5) to the LDAP add or modify operation.
The purpose of the Simple Password is to allow migration of an object with a hashed password into eDirectory. Simple Passwords are also used when binding with the DIGEST-MD5 SASL mechanism and NetWare CIFS.
The simple password value may be specified as the original clear text password, or as the result of hashing the password with the Secure Hash (SHA), Salted Secure Hash (SSHA), digest-md5 (MD5) or Unix Crypt (CRYPT) algorithm. If the DIGEST-MDG SASL mechanism is to be used to authenticate users, or if the Simple Password is to be used for CIFS, the simple password must be stored as clear text (not hashed.)
When specified, the NDS Import Convert Export (ICE) utility uses this control to update the simple password. Check the option to "Store NMAS Simple passwords/Hashed passwords" if using the wizard, or use the -l parameter on the command line. The ldif file defines userpassword as follows:
userpassword: clearTextPassword
or encrypted:
userpassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=
To programmatically update the simple password, define the control which is passed to the add or modify operation. The Novell Developer Kit includes samples for changing Simple Password in the LDAP Libraries for C at http://developer.novell.com/ndk/doc/samplecode/cldap_sample/index.htm. The LDAP Classes for JAVA should include a sample at http://developer.novell.com/ndk/doc/samplecode/jldap_sample/index.htm on the October release. Contact Novell Developer Support for more information.
Note: NMAS is required to use the Simple Password.
The ICE utility musts be ran against an LDAP server that has NMAS installed.
symptom
Error: Record 1: LBURP operation failed: 80(Unknown error).
cause
NMAS has some server specific settings. Edir 8.71 installs NMAS so this won't be a problem once the servers are updated.
fix
Point ICE to a server that has NMAS installed.
document
| Document Title: | How to change the NMAS Simple Password with LDAP |
| Document ID: | 10066348 |
| Solution ID: | NOVL64578 |
| Creation Date: | 26Nov2001 |
| Modified Date: | 30Oct2003 |
| Novell Product Class: | NetWare Novell eDirectory |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.