eDirectory and Case Sensitive LDAP Passwords

Author Info

16 December 2008 - 3:34pm
Submitted by: descent


Do you use case-sensitive passwords with eDirectory 8.8 over LDAP? Are you sure? It turns out that /etc/init.d/ndsd appears to have an error.

I was recently working through some test scripts and thought that my eDirectory 8.8.3 was using case sensitive universal passwords over LDAP. To my surprise, it was not.

I did some digging and found that for Universal Password to be tried first via LDAP, the environment variable NDSD_TRY_NMASLOGIN_FIRST must be set to true in the /etc/init.d/ndsd startup script.

Reference:

http://www.novell.com/support/viewContent.do?externalId=3307424&sliceId=1

When I looked at that script what I found was the following:

    if [ -d /opt/novell/xad/lib/nds-modules ]; then
        NDSD_TRY_NMASLOGIN_FIRST=true
        export NDSD_TRY_NMASLOGIN_FIRST
    fi

The problem here is that /opt/novell/xad/lib/nds-modules doesn't exist so these values are never set. I'm not sure whether this is intentional or not, but I then searched for all files called nds-modules and the only one present in the file system was: /opt/novell/eDirectory/lib/nds-modules

With that info in hand I updated the ndsd start script to the following:

    ##########CORRECTED########### if [ -d /opt/novell/xad/lib/nds-modules ]; then
    if [ -d /opt/novell/eDirectory/lib/nds-modules ]; then
        NDSD_TRY_NMASLOGIN_FIRST=true
        export NDSD_TRY_NMASLOGIN_FIRST
    fi

A restart of eDirectory and now my LDAP passwords are case sensitive.
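The failure described above is silent: the guard directory is missing, so the variable is never exported and nothing is logged. The following check is an added example, not part of the original article or of Novell's script. It finds the directory guard around NDSD_TRY_NMASLOGIN_FIRST=true in an init script and reports whether that guard can pass, and it can inspect a process's environment. The function names and exit codes are this example's own, and the process check assumes a Linux /proc layout.

```shell
#!/bin/sh
# Added example (not from the article or Novell's script).

# Print the directory tested by the `if [ -d DIR ]` guard that wraps
# NDSD_TRY_NMASLOGIN_FIRST=true in the script given as $1.
guard_dir() {
    awk '
        /^[ \t]*#/ { next }                  # ignore commented-out lines
        /if[ \t]+\[[ \t]+-d[ \t]+/ {         # remember the guard directory
            d = $0
            sub(/.*-d[ \t]+/, "", d)
            sub(/[ \t]*\].*/, "", d)
            gsub(/"/, "", d)
            next
        }
        /^[ \t]*fi[ \t]*$/ { d = "" }        # guard closed, forget it
        /NDSD_TRY_NMASLOGIN_FIRST=true/ { print d; exit }
    ' "$1"
}

# Exit codes (chosen for this example):
#   0 = variable will be exported, 1 = guard directory does not exist,
#   2 = script never assigns the variable.
check_init_script() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -q 'NDSD_TRY_NMASLOGIN_FIRST=true' || return 2
    dir=$(guard_dir "$1")
    [ -z "$dir" ] || [ -d "$dir" ] || return 1
    return 0
}

# Return 0 if process $1 has the flag set to true in its environment.
# $2 overrides the proc root (default /proc), which makes it testable.
proc_has_flag() {
    tr '\0' '\n' < "${2:-/proc}/$1/environ" \
        | grep -qx 'NDSD_TRY_NMASLOGIN_FIRST=true'
}

# Run against a real script when a path is given, e.g. /etc/init.d/ndsd.
if [ -n "${1:-}" ]; then
    rc=0; check_init_script "$1" || rc=$?
    echo "guard dir: $(guard_dir "$1")  result: $rc"
fi
```

Reading another user's /proc/PID/environ normally requires root, so run proc_has_flag with the ndsd PID as root after the restart.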

While this is well documented in the above TID, I do wonder why this if statement is present, and why not make it the default.

Hope you find this helpful.



© 2009 Novell, Inc. All Rights Reserved.