Hi, the userPassword is base64 encoded, so you can give it to base64 --decode. For example let's get the userPassword attribute: $ ldapsearch -o ldif-wrap=no -ZZ -D 'cn=Directory Manager' -y passwordfile -h `hostname -f` -b uid=username,ou=People,dc=example,dc=com userPassword The result is like this: userPassword:: e1NTSEF9c3NPZnBPWDE5R1dlZnlsMnNCTmZCRk1FRzcvRVpNaW9ERXBFT3c9PQ== Then just base64 decode it: $ echo 'e1NTSEF9c3NPZnBPWDE5R1dlZnlsMnNCTmZCRk1FRzcvRVpNaW9ERXBFT3c9PQ==' | base64 --decode; echo {SSHA}ssOfpOX19GWefyl2sBNfBFMEG7/EZMioDEpEOw== You probably have to be the directory manager user because by default users don't have permission to read userPassword. On 2015-03-02 18:57, ghiureai wrote: