Resolves: bug 262021

Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nhosoi (Thanks!)
Fix Description: We still need to be able to decrypt passwords using the broken method.  I guess it works on Solaris and HP because the values are already in network byte order.  But when the values were encrypted on x86, they were encrypted the wrong way.  It is safe to use MIGRATE_BROKEN_PWD on Solaris and HP because it is essentially a no-op.  But this allows us to decrypt x86 passwords and store them correctly.
Platforms tested: RHEL4 i386, RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none

1 files changed, 2 insertions, 0 deletions

diff --git a/ldap/admin/src/scripts/DSMigration.pm.in b/ldap/admin/src/scripts/DSMigration.pm.in
index fa220a7b..6f5294d3 100644
--- a/ldap/admin/src/scripts/DSMigration.pm.in
+++ b/ldap/admin/src/scripts/DSMigration.pm.in
@@ -180,7 +180,9 @@ sub migrateCredentials {
     my ($ent, $attr, $mig, $inst) = @_;
     my $oldval = $ent->getValues($attr);
     debug(3, "Executing @bindir@/migratecred -o $mig->{actualsroot}/$inst -n @instconfigdir@/$inst -c \'$oldval\' . . .\n");
+    $ENV{MIGRATE_BROKEN_PWD} = "1"; # passwords prior to 8.0 were encrypted incorrectly
     my $newval = `@bindir@/migratecred -o $mig->{actualsroot}/$inst -n @instconfigdir@/$inst -c \'$oldval\'`;
+    delete $ENV{MIGRATE_BROKEN_PWD}; # clear the flag
     debug(3, "Converted old value [$oldval] to new value [$newval] for attr $attr in entry ", $ent->getDN(), "\n");
     return $newval;
 }