Results 1 to 6 of 6

Thread: zimbra migrating with passwords

  1. #1
    Join Date
    May 2007
    Location
    Calgary
    Posts
    62
    Rep Power
    8

    Default zimbra migrating with passwords

    I can dump the ldap data, is there a way I can import the encrypted passwords into a new zimbra server's ldap?
    I was going to use "zmprov" to import my domains and email accounts.
    I could install the passwords with zmprov, but I do not think that zmprov will except a "already encrypted" password.

    Thanks for the ideas.

    Chris

  2. #2
    Join Date
    Feb 2008
    Location
    Easton PA
    Posts
    63
    Rep Power
    7

    Default

    Why not just configure your zimbra server to authenticate off of your ldap server if it's already got your passwords?

    In the Admin Web GUI:

    Configuration --> Domains --> $your_domain --> Authentication

    Then click Configure Authentication to start with wizard.

    I'm running Zimbra but keeping a separate OpenLDAP server even though Zimbra bundles it's own OpenLDAP server for Zimbra things. However, I see them as separate and one won't replace the other. In theory you should be able to get the Zimbra LDAP password and then open with an LDAP browser to snoop around and put the password there if they used the same hash. I'd test this on one account before you break something however.

  3. #3
    Join Date
    May 2007
    Location
    Calgary
    Posts
    62
    Rep Power
    8

    Default

    Thanks.

    I am actually migrating from one Zimbra version on an different OS to another new install with a current version of Zimbra and onto a supported OS.

    I can't just import the ldap dump because it has all the config details in it and the versions are different.
    I am trying to avoid asking users to re-set their passwords.

    I am only doing this because I have tried for months to upgrade with every failure imaginable.

    So I am looking for a way to import the encrypted passwords I collected from the ldap dump into a new zimbra ldap schema.

  4. #4
    Join Date
    May 2007
    Posts
    63
    Rep Power
    8

    Default

    I create the users from /etc/passwd crypt's. If you do the following when creating users in Zimbra you can reset the password to the crypt.

    Perl example to create user, and then change password to crypted pass.

    $uname = "testuser";
    $name,$passwd,$uid,$gid) = getpwnam($uname);
    $cryptpass = "{crypt}".$passwd;
    $dummypass = "dummy";
    $hostname = "zimbra.domain.com";
    system("/opt/zimbra/bin/zmprov ca $name@\\$hostname $dummypass zimbraPasswordMinLength 1");
    system("/opt/zimbra/bin/zmprov ma $name@\\$hostname userPassword '$cryptpass'");

  5. #5
    Join Date
    Jan 2008
    Location
    Pretoria
    Posts
    133
    Rep Power
    7

    Default

    zmprov does accept encrypted passwords. I migrated my users without know what the actuall passwords were. They were {md5} hashed and I just created the account (zmprov ca) with the encrypted passwords.

  6. #6
    Join Date
    May 2009
    Posts
    2
    Rep Power
    6

    Default better late than never

    You can slapcat the old server ldap and delete everything except the user/alias records then slapadd those to the new server. The encrypted password will be in there as well and it will come over just fine.

    Pros: gets everything but the actual data, including account preferences etc

    Cons: there are a few things to watch for:
    - if the new server has a different name you'll need to edit that in several places in each record
    - if the version difference is large then there may be some records that are different. Might be a good idea to compare the ldap record for a fully provisioned test user from the new server and adjust the old records accordingly before importing them.

    But no worries if you screw up, just delete them and try again.

Similar Threads

  1. Replies: 8
    Last Post: 01-12-2012, 02:20 AM
  2. admin consol blank after 5.0.3 upgarde
    By maumar in forum Administrators
    Replies: 6
    Last Post: 03-21-2008, 06:16 AM
  3. Replies: 12
    Last Post: 02-25-2008, 07:28 PM
  4. Major Issue - 5.0RC2 NE to 5.0GA NE failed
    By DougWare in forum Installation
    Replies: 7
    Last Post: 01-06-2008, 09:56 PM
  5. svn version still won't start
    By kinaole in forum Developers
    Replies: 0
    Last Post: 10-04-2006, 07:47 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •