sbhegel
asked on
Converting msSFU30Password from ldapsearch command to plain text
I am trying to write a script that will go out to my Active Directory server and return the password for a list of users, so I can update the passwords into another system.
I am using ldapsearch to return the msSFU30Password property from their account; the problem is that this is encrypted. Does anyone know a way to get this in plain text?
This script is running on HP-UX 11i and accessing a Windows 2003 server AD.
Thanks
ASKER
Maybe this is a better way to ask the question.
Is there any attribute in Active Directory (LDAP) that stores the password so it can be retrieved and converted to plain text on a Unix system, namely HP-UX 11i?
Thanks again
AFAIK the unicodePwd attribute stores the clear text password in AD (in Unicode format).
To retrieve it you must use a TLS connection (LDAPS://) with AD administrator privileges.
A non-encrypted connection (LDAP://) is not enough.
Only brute force methods (unless you have a misconfigured LDAP :)
The password is stored as a one-way hash; there is no way back.