[389-users] extract user passwd/hash and un-hashed format
Paul Tobias
paul.tobias at geonomics.com
Tue Mar 3 09:42:40 UTC 2015
Hi, the userPassword is base64 encoded, so you can give it to base64 --decode. For example let's get the userPassword attribute:
$ ldapsearch -o ldif-wrap=no -ZZ -D 'cn=Directory Manager' -y passwordfile -h `hostname -f` -b uid=username,ou=People,dc=example,dc=com userPassword
The result is like this:
userPassword:: e1NTSEF9c3NPZnBPWDE5R1dlZnlsMnNCTmZCRk1FRzcvRVpNaW9ERXBFT3c9PQ==
Then just base64 decode it:
$ echo 'e1NTSEF9c3NPZnBPWDE5R1dlZnlsMnNCTmZCRk1FRzcvRVpNaW9ERXBFT3c9PQ==' | base64 --decode; echo
{SSHA}ssOfpOX19GWefyl2sBNfBFMEG7/EZMioDEpEOw==
You probably have to be the directory manager user because by default users don't have permission to read userPassword.
On 2015-03-02 18:57, ghiureai wrote:
> Hi List,
> I need to know how can I extract in DS a specific user passwd in hash format or un -hashed?
> Thank you
>
More information about the 389-users
mailing list