Hi, the userPassword is base64 encoded, so you can give it to base64 --decode. For example let's get the userPassword attribute:
$ ldapsearch -o ldif-wrap=no -ZZ -D 'cn=Directory Manager' -y passwordfile -h `hostname -f` -b uid=username,ou=People,dc=example,dc=com userPassword
The result is like this:
userPassword:: e1NTSEF9c3NPZnBPWDE5R1dlZnlsMnNCTmZCRk1FRzcvRVpNaW9ERXBFT3c9PQ==
Then just base64 decode it:
$ echo 'e1NTSEF9c3NPZnBPWDE5R1dlZnlsMnNCTmZCRk1FRzcvRVpNaW9ERXBFT3c9PQ==' | base64 --decode; echo
{SSHA}ssOfpOX19GWefyl2sBNfBFMEG7/EZMioDEpEOw==
You probably have to be the directory manager user because by default users don't have permission to read userPassword.
On 2015-03-02 18:57, ghiureai wrote:
> Hi List,
> I need to know how can I extract in DS a specific user passwd in hash format or un -hashed?
> Thank you
>
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
