
pulling users & password(hashes) from eDir through LDAP


Dear eDirectory aficionados,

I've got LDAP servers which would like to pull users and their credentials
from eDirectory through LDAP.
They'd be happy with the password hashes, which I don't know a way of
pulling out of the directory.

I could allow them to retrieve the Universal Password, but hashes would be
preferable.

Any ideas there?

Thanks in advance, Florian


--
florianz

Re: pulling users & password(hashes) from eDir through LDAP

On Wed, 27 Aug 2014 09:46:34 +0000, florianz wrote:

> Dear eDirectory aficionados,
>
> I've got LDAP servers which would like to pull users and their credentials
> from eDirectory through LDAP.
> They'd be happy with the password hashes, which I don't know a way of
> pulling out of the directory.


I believe hashes are a possibility with Simple Password, but I've never
done it myself.


> I could allow them to retrieve the Universal Password, but hashes would be
> preferable.
>
> any ideas there?


Sounds like re-inventing IDM. I'd just use IDM if it were me.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.

Re: pulling users & password(hashes) from eDir through LDAP

Agreed; the ONLY ways you can synchronize passwords from eDirectory are either:

1. You already have Universal Password implemented by users, so you can
send the password to another system with something like IDM or a tool that
uses the NMAS-enabled LDAP interface to get the original password value.
This can synchronize to any system that can accept a password in its
original form for the user as set by an administrator (or equivalent) of
that system.

2. You use IDM to synchronize the NDS password keypair (Public/Private
keys) to another eDirectory system (only works for eDirectory).

I do not think that synchronizing the actual Simple Password, as set by
eDirectory normally, will work as it uses tree-specific stuff for hashing.
If you imported external hashes (MD5, for example) into eDirectory, then
you could potentially import those into another system too, but you'd need
to use the source of the original import and not something out of
eDirectory, which is the only way that makes sense anyway.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Re: pulling users & password(hashes) from eDir through LDAP


Clear and concise, thanks 🙂


--
florianz