pwdcheck

pwdcheck.pl (Size 23k) - Chris Randles v1.0 2008-05-07

PROGRAM PURPOSE:



Analyze output from the Daigpwd utility and produce a useable list of eDirectory accounts who's eDirectory passwords are not synchronized with their Universal or Simple passwords. The output is in container order using the reverse object RDN.


PROGRAM REQUIREMENTS:



Input Requirements - The output from Diagpwd:

Use Daigpwd with the following syntax:

diagpwd <IP Address> <secure port> <Tree_Cert>.der <container to start search> sub <Admin Account> <password>



e.g. diagpwd 192.168.0.1 636 MyTree.der o=Novell sub cn=admin,o=Novell mypassword

Use redirection to output the data to a text file. e.g. add '> diagpwd.txt' to the end of the statement:

e.g. diagpwd 192.168.0.1 636 MyTree.der o=Novell sub cn=admin,o=Novell mypassword > diagpwd.txt

To acquire the Diagpwd utility go to the Novell downloads web page and search for 'diagpwd*'
NOTE: Diagpwd4 was the version at the time of writing this document.
Do not modify the output file from diagpwd!
Diagpwd takes a while to run. You can use LDAP tracing to follow it's progress.

 
 
 
 
 
 

The program has been tested using SUSE Linux 10 on x86_64 using Perl v5.8.8 and on MS Windows 2000 SP4 using ActivePerl v5.8.8. It should run on most Linux/Unix/Windows platforms with Perl v5.6 and above.

EXAMPLE INPUT DATA (output data from diagpwd):



Object DN: cn=MyAccount,ou=IT,ou=CA,o=Novell
     EMail: ChRandles@novell.com
     Last Changed Date: 2008-04-21 22:40:45 Z
     Password Status: Enabled, Set
     Distribution Password Status: Set
     Simple Password Status: Set
     Password Policy DN: cn=Password Policy,cn=Password Policies,cn=Security

Object DN: cn=ThatAccount,ou=Accounts,ou=CA,o=Novell
     EMail: NotReal@novell.com
     Last Changed Date: [UNKNOWN]
     Password Status: Enabled, Set
     Distribution Password Status: Not set
     Simple Password Status: Set
     Password Policy DN: cn=Password Policy,cn=Password Policies,cn=Security

Object DN: cn=NFAUUser,o=novell
     EMail: [NONE]
     Last Changed Date: [UNKNOWN]
     Password Status: Universal Password disabled, Not set
     Distribution Password Status: Not set
     Simple Password Status: Not set
     Password Policy DN: [NONE]

PROGRAM OUTPUT INCLUDES:



Password_Totals.txt
A file containing all of the totals derived by the program which appear in the various output files.

Bad_Passwords.txt
     List of objects where Universal and/or Simple passwords do not match NDS password:
     Number of objects with bad Universal and Simple Passwords
     Number of objects with bad Universal Password Only
     Number of objects with bad Simple Password Only
     Total number of objects with bad passwords

Universal_Password_Not_Enabled.txt
     List of and Total number of objects with Universal Password NOT enabled

Universal_Password_Enabled.txt
     List of and Total number of objects with Universal Password Enabled

Universal_Password_Set.txt
     List of and Total number of objects with Universal Password Set

Universal_Password_Not_Set.txt
     List of and Total number of objects with Universal Password NOT Set

Distribution_Password_Set.txt
     List of and Total number of objects with Distribution Password Set

Distribution_Password_Not_Set.txt
     List of and Total number of objects with Distribution Password NOT Set

Simple_Password_Set.txt
     List of and Total number of objects with Simple Password Set

Simple_Password_Not_Set.txt
     List of and Total number of objects with Simple Password NOT Set

Users_By_Last_Password_Change.txt
     List of objects ordered by password last changed date
     Number Users without a password last changed date
     Number of Users with a password last changed date

Users_By_Password_Policies.txt
     List of objects ordered by assigned password policy
     Number of Users assigned to each password policy

Excluded_Objects.txt
     List of and Total number of objects excluded from the input data.

Passwords.csv
     A csv formatted file containing the input data. One object per line.

A Total of 14 output files are created per program run. NOTE: Output files are over-written with each run.

EXCLUSIONS FILE:



Exclusions file format is a simple text list of object CNs to ignore.
     Create a text file called 'exclude.txt' (case sensitive on Linux/Unix) and enter one CN per line (CN is case insensitive) e.g.:

    Backup_Exec

    Administrator

    Admin

    Proxy

    UNIX Service Handler

    NFAUUser

Labels (2)
Tags (1)
Attachments

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Comments
Chris,

I can't believe no one else has offered their gratitude for this tool. It is tremendous!

Thanks you so much for sharing.

David

Is there a way to find out whether a password does not match the password policy after a password policy has been increased?
example: we have the password policy of min. 8 characters increased to 12 characters. now we want to know which accounts do not yet correspond to the password length of 12 characters.

 

 

Yes, there is.  Jim Willeke wrote a much better tool than this one, sorry guys, but his is better called Dump Universal Password.  When you check a user it reports an NMAS error (I forget the code) that shows that the current password does NOT meet the current password policy rules.  Which is what you need.

 

https://ldapwiki.com/wiki/DumpEdirectoryPasswordInformationTool

Top Contributors
Version history
Revision #:
6 of 6
Last update:
‎2020-03-10 19:25
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.