This Perl-Script helps you to build a passwd file from your LDAP data. This is useful to feed it into a password cracker (like john) to test for weak passwords.
It's just a quick hack. Only passwords are Base64-decoded; to decode other fields as well, hack the source.
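#!/usr/bin/perl
# ldif2passwd - convert LDIF (for example ldapsearch output) read from STDIN
# or from the files named on the command line into passwd(5)-style lines:
#
#   login:pass:uid:gid:gecos:home:shell
#
# Entries are separated by blank lines; an entry is printed only if it has a
# "uid" attribute. Only userPassword is Base64-decoded; other "attr:: value"
# fields are copied through still encoded.
#
# The output contains the directory's password hashes. Write it somewhere
# only the auditor can read (for example under "umask 077") and remove it
# when the audit is finished. If the LDIF comes from ldapsearch, its -W
# (prompt) or -y (password file) option keeps the bind password out of the
# process list and the shell history.
use strict;
use warnings;
use MIME::Base64;

# LDAP attribute name (lower-cased) => passwd field it fills.
# homeDirectory fills "home" and loginShell fills "shell"; the earlier
# version had these two swapped, so the last two columns came out reversed.
my %field_for = (
    uid           => 'login',
    userpassword  => 'pass',
    uidnumber     => 'uid',
    gidnumber     => 'gid',
    gecos         => 'gecos',
    homedirectory => 'home',
    loginshell    => 'shell',
);

# Column order of a passwd(5) line.
my @passwd_columns = qw(login pass uid gid gecos home shell);

my %user;       # fields collected for the entry currently being read
my $pending;    # current logical LDIF line, with folded parts appended

while ( my $raw = <> ) {
    $raw =~ s/\r?\n\z//;

    # A blank (or whitespace-only) line ends the current entry.
    if ( $raw =~ m/\A\s*\z/ ) {
        _store_attribute( \%user, $pending );
        undef $pending;
        _print_entry( \%user );
        %user = ();
        next;
    }

    # LDIF folds long lines: a line starting with one space continues the
    # previous one. ldapsearch wraps its output, so without unfolding a long
    # Base64 password value would be cut off at the first wrap.
    if ( defined $pending && $raw =~ m/\A / ) {
        $pending .= substr $raw, 1;
        next;
    }

    _store_attribute( \%user, $pending );
    $pending = $raw;
}

# Input that does not end with a blank line still has one entry buffered.
_store_attribute( \%user, $pending );
_print_entry( \%user );

# Parse one logical LDIF line and record it in %$user_ref if it is one of the
# attributes in %field_for. Comments, undef and anything else are ignored.
sub _store_attribute {
    my ( $user_ref, $line ) = @_;

    return if !defined $line;
    return if $line =~ m/\A#/;    # LDIF comment

    $line =~ s/\A\s+//;
    $line =~ s/\s+\z//;

    # "attr: value" is literal, "attr:: value" is Base64-encoded.
    return if $line !~ m/\A([^:\s]+)(::?) (.*)\z/s;
    my ( $attr, $separator, $value ) = ( $1, $2, $3 );

    my $field = $field_for{ lc $attr };
    return if !defined $field;

    if ( $field eq 'pass' && $separator eq '::' ) {
        $value = decode_base64($value);

        # Drop a leading "{SCHEME}" tag only. The earlier unanchored, greedy
        # /{.*}/ could also delete part of the hash or of a cleartext
        # password that happened to contain braces.
        # NOTE(review): the tag is stripped only from Base64-encoded values,
        # as before; a literal "userPassword: {CRYPT}..." keeps it. Confirm
        # which form the cracker expects for the schemes in your directory.
        $value =~ s/\A\{[^}]*\}//;
    }

    $user_ref->{$field} = $value;
    return;
}

# Print the collected entry as one passwd line; entries without a login name
# are skipped. Missing fields become empty columns.
sub _print_entry {
    my ($user_ref) = @_;

    return if !defined $user_ref->{login} || $user_ref->{login} eq '';

    my @columns =
        map { defined $user_ref->{$_} ? $user_ref->{$_} : '' } @passwd_columns;
    print join( ':', @columns ), "\n";
    return;
}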
Usage:
$> ldapsearch -L -D 'cn=admin,dc=foo,dc=bar' -w pass -x -b 'ou=people,dc=foo,dc=bar' 'objectclass=posixAccount' |\
   perl ldif2passwd.pl > passwd.1