

ldif2passwd.pl

Differences

This shows you the differences between two versions of the page.

ldif2passwd.pl [2006/11/09 19:04] – old revision restored andildif2passwd.pl [2006/11/13 13:50] (current) – old revision restored andi
Line 1: Line 1:
 +====== ldif2passwd.pl ======
  
 +This Perl-Script helps you to build a passwd file from your LDAP data. This is useful to feed it into a password cracker (like [[http://www.openwall.com/john/|john]]) to test for weak passwords.
 +
 +It's just a quick hack. Only passwords are Base64 decoded to decode other fields as well hacke the source.
 +
 +<code perl>
 +#!/usr/bin/perl
 +use MIME::Base64;
 +
 +my %user;
 +while (<>){
 +  $line = $_;
 +
 +  #skip comments
 +  next if($line =~ m/^#/);
 +
 +  #trim whitespaces
 +  $line =~ s/\s*$//;
 +  $line =~ s/^\s*//;
 +
 +  if($line eq ''){
 +    # print old user
 +    if($user{'login'} ne ''){
 +      print join(':',$user{'login'},
 +                     $user{'pass'},
 +                     $user{'uid'},
 +                     $user{'gid'},
 +                     $user{'gecos'},
 +                     $user{'home'},
 +                     $user{'shell'});
 +      print "\n";
 +    }
 +    # initialize new user
 +    %user = ();
 +    next
 +  }
 +
 +  if($line =~ m/^uidNumber(::?) (.*)/i){
 +    $user{'uid'  = $2;
 +  }if($line =~ m/^userPassword(::?) (.*)/i){
 +    if($1 eq '::'){
 +      $user{'pass'}=  decode_base64($2);
 +      $user{'pass'}=~ s/{.*}//;
 +    }else{
 +      $user{'pass'}= $2;
 +    }
 +  }elsif($line =~ m/^uid(::?) (.*)/i){
 +    $user{'login'} = $2;
 +  }elsif($line =~ m/^gidNumber(::?) (.*)/i){
 +    $user{'gid'  = $2
 +  }elsif($line =~ m/^gecos(::?) (.*)/i){
 +    $user{'gecos'} = $2
 +  }elsif($line =~ m/^loginShell(::?) (.*)/i){
 +    $user{'home' = $2
 +  }elsif($line =~ m/^homeDirectory(::?) (.*)/i){
 +    $user{'shell'} = $2
 +  }
 +}
 +</code>
 +
 +**Usage:**
 +
 +  $> ldapsearch -L -D 'cn=admin,dc=foo,dc=bar' -w pass -x -b 'ou=people,dc=foo,dc=bar' 'objectclass=posixAccount' |\
 +     perl ldif2passwd.pl > passwd.1
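Review bot: The attribute-mapping chain at the end of the loop does not compile as shown and swaps two columns: `$user{'uid'  = $2;`, `$user{'gid'  = $2` and `$user{'home' = $2` lack the closing `}`, the `loginShell` branch writes to `home` while `homeDirectory` writes to `shell`, and `}if(` after the `uidNumber` branch starts a second chain where `elsif` was presumably meant. The missing braces may be a rendering artefact of the wiki, but the swapped keys would still emit a passwd file with its last two fields reversed. Separately, `s/{.*}//` is greedy and unanchored, so `s/^\{[^}]*\}//` is the safer way to remove only a leading scheme tag. In the usage lines, `-w pass` puts the bind password on the command line and `passwd.1` holds every account's hash, so the documentation should suggest prompting with `-W` and running under `umask 077`.

```perl
  if($line =~ m/^uidNumber(::?) (.*)/i){
    $user{'uid'} = $2;
  }elsif($line =~ m/^userPassword(::?) (.*)/i){
    # … unchanged: Base64 decode and scheme-tag strip …
  }elsif($line =~ m/^uid(::?) (.*)/i){
    # … unchanged: login assignment …
  }elsif($line =~ m/^gidNumber(::?) (.*)/i){
    $user{'gid'} = $2;
  # … unchanged: gecos branch …
  }elsif($line =~ m/^loginShell(::?) (.*)/i){
    $user{'shell'} = $2;
  }elsif($line =~ m/^homeDirectory(::?) (.*)/i){
    $user{'home'} = $2;
  }
```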
ldif2passwd.pl.txt · Last modified: 2006/11/13 13:50 by andi