Tool

jwilleke's picture
tool
Reads:

21782

Score:
4
4
8
 
Comments:

7

Password Information Tool

Author Info

25 September 2009 - 2:46pm
Submitted by: jwilleke

Author Blog
Author Profile

Tags

Tags Map

(View Disclaimer)

download url: 
http://ldapwiki.willeke.com/wiki/DumpEdirectoryPasswordInformationTool
license: 
Free
home page url: 
http://ldapwiki.willeke.com/wiki/DumpEdirectoryPasswordInformationTool

download url: http://ldapwiki.willeke.com/attach/DumpEdirectoryPasswordInformationTool/
DumpPasswordInformation.jar

The NDS Passwords infrastructure can be difficult to figure out. We needed a tool to debug various password policy and user entries regarding passwords.

The Dump Password Information Tool performs the following:

  • Dumps the user's Universal Password values
  • Dumps the information regarding the users Universal Password
  • Dumps the information regarding the users Simple Password
  • Dumps the information regarding the users NDS Password as it relates to the Universal Password

Updated

We made many enhancements including a GUI interface.

home page url:
http://ldapwiki.willeke.com/wiki/DumpEdirectoryPasswordInformationTool


Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.



Related Articles


User Comments

Anonymous's picture

Easy to use batch file:

Submitted by Anonymous on 2 October 2008 - 2:27am.

Hi all

I created an easy batch to retrieve a users password, which i would like to share:

@echo off
TITLE Retrieve Password from user
rem **************************************************************************
rem * oktober 2008, Gerrit Doornenbal
rem * requirements: ldapsearch, grep, awk, java
rem **************************************************************************

cls
set ldapserver=172.16.1.10
set /p gebruiker="Van welke gebruiker wil je het password weten? "
set /p pwd="Geef je eigen wachtwoord: "
cls

rem first find administrator information from ldap server
%toolmap%\ldapsearch -h %ldapserver% "uid=%username%" > %temp%\temp.ldif
type %temp%\temp.ldif | z:\grep dn: | z:\awk "{print $2}" >%temp%\temp.txt
for /f "tokens=1 delims= " %%A IN ('type %temp%\temp.txt') DO SET dn=%%A
rem find user dn from ldap server
%toolmap%\ldapsearch -h %ldapserver% "uid=%gebruiker%" > %temp%\temp.ldif
type %temp%\temp.ldif | z:\grep dn: | z:\awk "{print $2}" >%temp%\temp.txt
for /f "tokens=1 delims= " %%A IN ('type %temp%\temp.txt') DO SET userdn=%%A

"C:\Program Files\Java\jre1.6.0_01\bin\java.exe" -jar DumpPasswordInformation.jar -dvAL -h %ldapserver% -z 3000 -D %dn% -w %pwd% -b %userdn%

rem cleanup mess...
del %temp%\temp.txt
del %temp%\temp.ldif
set pwd=
set dn=
set userdn=

It's a very neat tool! thanks!

Gerrit Doornenbal

Anonymous's picture

Where can i find the

Submitted by Anonymous on 13 October 2008 - 7:04am.

Where can i find the requirements?
grep
awk
ldapsearch

Thanks in advance!

Bas Arendshorst

jwilleke's picture

Requirements=Java 1.5 or better.

Submitted by jwilleke on 19 June 2009 - 6:32am.

Requirements=Java 1.5 or better.

We have run this on Linux and on Windows. Runs from a workstation.

DaveHowe's picture

those tools...

Submitted by DaveHowe on 14 October 2008 - 2:09am.

Are standard with most linux distros, although there are windows ports.

Best combined set is cygwin:

http://www.cygwin.com/

for native ports:

http://unxutils.sourceforge.net/

which contains everything but OpenLDAP. For the ldap tools, you need a windows build of that, which *was* downloadable from here:

http://www.ilex.fr/openldap.htm

but it appears to be MIA.

http://www.symas.net/ has a recent build, but it is behind a "register to get it" firewall; I have just signed up with a throwaway account, and it seems to work ok.

baijnja1's picture

Custom Schema

Submitted by baijnja1 on 1 July 2009 - 11:47am.

Hi

This is a wicked tool but can it handle custom object classes?

We have a custom object class on which we can set passwords on but I could not get it working too retrieve any information from this class.

Is it hard coded only to handle cn's or can we use it for any objects?

Thanking you in advance.

Kindest Regards

Ashley

jwilleke's picture

Custom Schema

Submitted by jwilleke on 2 July 2009 - 6:04am.

Well, I was afraid someone would come up with this one.
Currently is is coded for (objectClass=inetorgperson)

The latest release does allow searching by an attributeName=AttibuteVlaue pair, but currently is still filtered by objectClass=inetorgperson.

I will work on this as an enhancement.
Thanks for the feedback.
-jim

mbuil's picture

Security observation...

Submitted by mbuil on 4 June 2010 - 10:14am.

Can we add a recommendation to this document stating that you should verify that the infrastructure is correctly configured in order to avoid unwanted access, including also a reference to the documentation provided by Novell: http://www.novell.com/documentation/password_manag...

© 2013 Novell