Password Information Tool

0 Likes
over 12 years ago
home page url: http://ldapwiki.willeke.com/wiki/DumpEdirectoryPasswordInformationTool
download url: http://ldapwiki.willeke.com/attach/DumpEdirectoryPasswordInformationTool/
DumpPasswordInformation.jar


The NDS Passwords infrastructure can be difficult to figure out. We needed a tool to debug various password policy and user entries regarding passwords.


The Dump Password Information Tool performs the following:




  • Dumps the user's Universal Password values

  • Dumps the information regarding the users Universal Password

  • Dumps the information regarding the users Simple Password

  • Dumps the information regarding the users NDS Password as it relates to the Universal Password



Updated


We made many enhancements including a GUI interface.

home page url:
http://ldapwiki.willeke.com/wiki/DumpEdirectoryPasswordInformationTool

Labels:

Collateral
Comment List
Anonymous
  • Can we add a recommendation to this document stating that you should verify that the infrastructure is correctly configured in order to avoid unwanted access, including also a reference to the documentation provided by Novell: www.novell.com/.../an4bun5.html
  • Well, I was afraid someone would come up with this one.
    Currently is is coded for (objectClass=inetorgperson)

    The latest release does allow searching by an attributeName=AttibuteVlaue pair, but currently is still filtered by objectClass=inetorgperson.

    I will work on this as an enhancement.
    Thanks for the feedback.
    -jim
  • Hi

    This is a wicked tool but can it handle custom object classes?

    We have a custom object class on which we can set passwords on but I could not get it working too retrieve any information from this class.

    Is it hard coded only to handle cn's or can we use it for any objects?

    Thanking you in advance.

    Kindest Regards

    Ashley
  • Requirements=Java 1.5 or better.

    We have run this on Linux and on Windows. Runs from a workstation.
  • Are standard with most linux distros, although there are windows ports.

    Best combined set is cygwin:

    http://www.cygwin.com/

    for native ports:

    unxutils.sourceforge.net/

    which contains everything but OpenLDAP. For the ldap tools, you need a windows build of that, which *was* downloadable from here:

    www.ilex.fr/openldap.htm

    but it appears to be MIA.

    http://www.symas.net/ has a recent build, but it is behind a "register to get it" firewall; I have just signed up with a throwaway account, and it seems to work ok.
  • Where can i find the requirements?
    grep
    awk
    ldapsearch

    Thanks in advance!

    Bas Arendshorst
  • Hi all

    I created an easy batch to retrieve a users password, which i would like to share:

    @echo off
    TITLE Retrieve Password from user
    rem **************************************************************************
    rem * oktober 2008, Gerrit Doornenbal
    rem * requirements: ldapsearch, grep, awk, java
    rem **************************************************************************

    cls
    set ldapserver=172.16.1.10
    set /p gebruiker="Van welke gebruiker wil je het password weten? "
    set /p pwd="Geef je eigen wachtwoord: "
    cls

    rem first find administrator information from ldap server
    %toolmap%\ldapsearch -h %ldapserver% "uid=%username%" > %temp%\temp.ldif
    type %temp%\temp.ldif | z:\grep dn: | z:\awk "{print $2}" >%temp%\temp.txt
    for /f "tokens=1 delims= " %%A IN ('type %temp%\temp.txt') DO SET dn=%%A
    rem find user dn from ldap server
    %toolmap%\ldapsearch -h %ldapserver% "uid=%gebruiker%" > %temp%\temp.ldif
    type %temp%\temp.ldif | z:\grep dn: | z:\awk "{print $2}" >%temp%\temp.txt
    for /f "tokens=1 delims= " %%A IN ('type %temp%\temp.txt') DO SET userdn=%%A

    "C:\Program Files\Java\jre1.6.0_01\bin\java.exe" -jar DumpPasswordInformation.jar -dvAL -h %ldapserver% -z 3000 -D %dn% -w %pwd% -b %userdn%

    rem cleanup mess...
    del %temp%\temp.txt
    del %temp%\temp.ldif
    set pwd=
    set dn=
    set userdn=

    It's a very neat tool! thanks!

    Gerrit Doornenbal
Related Discussions
Recommended