LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   View crypted password in openldap (https://www.linuxquestions.org/questions/linux-newbie-8/view-crypted-password-in-openldap-4175469951/)

vignesh_murali2003 07-17-2013 11:25 AM
View crypted password in openldap
 
Hi when I give the below command i see
ldapsearch -x -b 'dc=example,dc=com' 'uid=user'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: uid=user
# requesting: ALL
#

# user, People, example.com
dn: uid=user,ou=People,dc=example,dc=com
cn: user 1
uid: user
uidNumber: 1026
gidNumber: 100
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
gecos: user
sn: user
loginShell: /bin/bash
homeDirectory: /home/user

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Is ther any way to see the password of that user?

TB0ne 07-17-2013 01:30 PM
Quote:
Originally Posted by vignesh_murali2003 (Post 4992019)
Hi when I give the below command i see
Code:
ldapsearch -x -b  'dc=example,dc=com' 'uid=user'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: uid=user
# requesting: ALL
#

# user, People, example.com
dn: uid=user,ou=People,dc=example,dc=com
cn: user 1
uid: user
uidNumber: 1026
gidNumber: 100
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
gecos: user
sn: user
loginShell: /bin/bash
homeDirectory: /home/user

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Is ther any way to see the password of that user?
No...why would there be? The passwords are encrypted so they CAN'T be viewed.

shivaa 07-17-2013 01:39 PM
This is not ethical and ldap do not allow you to view user passwords. As a ldap admin, you can see password in encrypted form only and in case if you want to recover some user's password, then better reset it.

vignesh_murali2003 07-17-2013 01:49 PM
The thing is am writing a php program for authentication of users for our database. I wanted to have ldap authorization for the database. I used annonymous bind and wanted to compare the password that the users type with that of ldap database using ldap search command. Maybe my approach is wrong?

TB0ne 07-17-2013 02:11 PM
Quote:
Originally Posted by vignesh_murali2003 (Post 4992080)
The thing is am writing a php program for authentication of users for our database. I wanted to have ldap authorization for the database. I used annonymous bind and wanted to compare the password that the users type with that of ldap database using ldap search command. Maybe my approach is wrong?
Yes, it is. If you're writing PHP code, use the LDAP functions to authenticate and report back on whether the bind is successful or not. Decrypting (or ATTEMPTING to decrypt) a password for that reason is poor coding at best....shady/unethical at worst.


All times are GMT -5. The time now is 11:26 AM.