Currently doing a targeted sync of userPassword field from one LDAP to
another following this process.
1) Query using ldapsearch and grab userPassword field.
2) Decode string using base64 -d
3) Import resultant encrypted password into other LDAP using
ldapmodify.
This process worked when the password decoded into {crypt} format, but
after they upgraded and changed to {SSHA} format passwords, it no longer
works. Also confirmed with Oracle LDAP admins that the decode matches our
{SSHA} string.
*Is there some additional configuration information I need to request from
the Oracle LDAP server administrators for server or client config in
OpenLDAP?*
# Querying other LDAP server
$ ldapsearch -h oracleServer -D - -w - -b - "uid=-" | grep ^userPassword
userPassword:: e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQ=
$ ldapsearch -h oracleServer -D - -w - -b - "uid=-" | grep ^userPassword | base64 -d
{SSHA}KxMAUhDf4cFLUwUDFPoUC0SoDWQoG6NsKE5YQg==base64: invalid input
## After importing decrypted into new server, the encrypted string matches.
$ ldapsearch -h openLDAPServer -D - -w - "uid=-" | grep ^userPassword
userPassword:: e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQ=
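
One way to check that a {SSHA} value survived the export/import steps above, as an added example that is not part of the original post: it parses the userPassword LDIF line, splits digest from salt, compares the copies held by two servers, and verifies a known test password. It assumes the usual {SSHA} layout (SHA-1 of password followed by salt, stored as base64 of the 20-byte digest plus salt); the function names and the test password are made up for the example.

```python
import base64
import hashlib
import hmac

# Value exactly as quoted in the post (63 characters, final '=' missing).
PAGE_LINE = ("userPassword:: e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNv"
             "RFdRb0c2TnNLRTVZUWc9PQ=")

def b64pad(text):
    """Decode base64 after restoring '=' padding lost to wrapping or grep."""
    text = "".join(text.split())
    return base64.b64decode(text + "=" * (-len(text) % 4))

def parse_ldif_password(ldif_line):
    """Return (scheme, digest, salt) for one {SSHA} userPassword LDIF line."""
    attr, _, value = ldif_line.partition(":")
    if attr.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    # '::' marks a base64-encoded value, a single ':' a literal one.
    stored = b64pad(value[1:]).decode("ascii") if value.startswith(":") else value.strip()
    scheme, sep, body = stored.lstrip("{").partition("}")
    if not stored.startswith("{") or not sep or scheme.upper() != "SSHA":
        raise ValueError("expected a {SSHA} value")
    raw = b64pad(body)
    if len(raw) <= 20:
        raise ValueError("no salt after the 20-byte SHA-1 digest")
    return scheme.upper(), raw[:20], raw[20:]

def make_ldif_ssha(password, salt):
    """Build a constructed test line: base64 of '{SSHA}' + base64(digest + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    stored = b"{SSHA}" + base64.b64encode(digest + salt)
    return "userPassword:: " + base64.b64encode(stored).decode()

def verify_ssha(ldif_line, password):
    """True if the password reproduces the stored digest with the stored salt."""
    _, digest, salt = parse_ldif_password(ldif_line)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def same_hash(line_a, line_b):
    """True if two servers hold the same digest and salt, ignoring padding/wrap."""
    return parse_ldif_password(line_a)[1:] == parse_ldif_password(line_b)[1:]

if __name__ == "__main__":
    scheme, digest, salt = parse_ldif_password(PAGE_LINE)
    print(scheme, len(digest), "byte digest,", len(salt), "byte salt")
    test_line = make_ldif_ssha("constructed-password", b"\x00\x01\x02\x03")
    print(verify_ssha(test_line, "constructed-password"))
```

Running verify_ssha against the imported entry with a test account's known password shows whether the stored value itself is usable, separately from how the server is configured to check it.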