Hi, the userPassword is base64 encoded, so you can give it to base64 --decode. For example
let's get the userPassword attribute:
$ ldapsearch -o ldif-wrap=no -ZZ -D 'cn=Directory Manager' -y passwordfile -h
`hostname -f` -b uid=username,ou=People,dc=example,dc=com userPassword
The result is like this:
userPassword:: e1NTSEF9c3NPZnBPWDE5R1dlZnlsMnNCTmZCRk1FRzcvRVpNaW9ERXBFT3c9PQ==
Then just base64 decode it:
$ echo 'e1NTSEF9c3NPZnBPWDE5R1dlZnlsMnNCTmZCRk1FRzcvRVpNaW9ERXBFT3c9PQ==' | base64
--decode; echo
{SSHA}ssOfpOX19GWefyl2sBNfBFMEG7/EZMioDEpEOw==
You probably have to be the directory manager user because by default users don't have
permission to read userPassword.
On 2015-03-02 18:57, ghiureai wrote:
Hi List,
I need to know how can I extract in DS a specific user passwd in hash format or un
-hashed?
Thank you