in order to get the userPassword value you need to bind the search as an authenticated user who has access to view that attribute, e.g. the admin/root user. here's how you'd do it with simple bind authentication (instead of e.g. SASL):
ldapsearch -xLLLWD cn=adminUserName,dc=mycompany,dc=com -b ou=People,dc=mycompany,dc=com -s sub uid=userId
userPassword will look like this:
userPassword:: OHBjcWNLNGlQaVF5
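the double colon (::) means the value is base64-encoded. to see it in clear text either use luma or run a command like this (if the server stores a hashed password, the decoded text is a {SCHEME} string such as {SSHA}..., not the password itself):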
echo OHBjcWNLNGlQaVF5 | openssl base64 -d
when i ran that it looked like i got no (zero/empty) output, but in fact the next line looked like this:
mySecretPasswordmyUser@myLdapServer:~$
where the clear text password is the leading mySecretPassword part of that line, and myUser@myLdapServer:~$ is the shell prompt.
what happened was that the output of openssl didn't end with a new line.
you can also use perl and you won't get the new line bug:
echo OHBjcWNLNGlQaVF5 | perl -MMIME::Base64 -ne 'print decode_base64($_) . "\n"'
much thanks to user blingme (Buchan Milne) on the freenode #openldap irc channel for the help with figuring out how to show the user password =)
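an added example (not part of the original post): since the decoded value is either the password itself or a {SCHEME} hash string, this sh function reads ldapsearch -LLL output, unfolds wrapped lines, and reports per entry how userPassword is stored without printing the secret. the sample LDIF and the function names are constructed for illustration, and it assumes coreutils base64 -d instead of openssl base64 -d.

```shell
#!/bin/sh
# Constructed sample of `ldapsearch -LLL` output (not from a real directory).
# "::" marks base64, ":" a plain value; a leading space continues a line.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=People,dc=mycompany,dc=com
userPassword:: OHBjcWNLNGlQaVF5

dn: uid=bob,ou=People,dc=mycompany,dc=com
userPassword:: e1NTSEF9Y29uc3Ry
 dWN0ZWQ=

dn: uid=carol,ou=People,dc=mycompany,dc=com
userPassword: {CRYPT}x
EOF
}

# Reads LDIF on stdin, prints "dn<TAB>storage" per userPassword value.
# storage is the {SCHEME} prefix, CLEARTEXT, or UNDECODABLE.
classify_userpassword() {
  close='}'
  awk '
    /^ / { buf = buf substr($0, 2); next }        # unfold continuation line
         { if (buf != "") print buf; buf = $0 }
    END  { if (buf != "") print buf }
  ' | awk '
    /^dn: /            { dn = substr($0, 5) }
    /^userPassword:: / { print dn "\tb64\t" substr($0, 16) }
    /^userPassword: /  { print dn "\traw\t" substr($0, 15) }
  ' | while IFS="$(printf '\t')" read -r dn enc value; do
    ok=1
    if [ "$enc" = b64 ]; then
      value=$(printf '%s' "$value" | base64 -d 2>/dev/null) || ok=0
    fi
    if [ "$ok" = 0 ]; then
      scheme=UNDECODABLE
    else
      case $value in
        '{'*'}'*) scheme=${value%%"$close"*}$close ;;  # keep only "{SCHEME}"
        *)        scheme=CLEARTEXT ;;
      esac
    fi
    printf '%s\t%s\n' "$dn" "$scheme"
  done
}

sample_ldif | classify_userpassword
```

entries reported as CLEARTEXT are the ones whose password anyone with read access to userPassword can recover with a plain base64 decode.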
---
on ubuntu you can install a gui program called luma:
sudo apt-get install luma
settings > edit server list
add
new server name, e.g. my local ldap
doubleclick my local ldap in the server list
click network options
hostname: myldapserver
(or use the IP address)
click authentification
remove the checkmark from anonymous bind
bind as: cn=yourAdminUserName,dc=mycompany,dc=com
password: yourAdminUserPassword
save
ok
click browser
in luma you can see the userPassword in clear text. if anyone knows how to print the userPassword in a terminal, let me know ;)
ref. also: http://www.openldap.org/faq/data/cache/1346.html
UPDATE 20120731
apache directory studio seems like a better ldap browser: http://directory.apache.org/studio/
you can install it as a plugin in eclipse:
help > eclipse marketplace > search for apache directory studio > install
and it is really easy to show the user password in plain text:
find and select the user
right click on the userPassword field > edit value > check show current password details