Password Setter and Sync Verifier

Belkast Consulting has developed a Java command line utility to help NetIQ Identity Management customers feel confident that password synchronization is working. If you are interested in finding out more, please send an email to Belkast for further information.

Overview

The main functions of the utility are:

  • Reset a User's password either as the admin or as the User. For compliant Password policies in eDirectory, this will either set the password as expired or not expired.
  • Supports both SSL and Clear Text connections.
  • All tasks work on the result of an LDAP Query:
    • It is therefore possible to reset the password on hundreds of Users. Handy for TEST accounts.
    • Also makes it easy to verify password synchronization for more than one User at a time.
  • Supports any LDAP compliant directory:
    • Active Directory, eDirectory, openLDAP, etc.
    • For Active Directory, login verification can use either LDAP DN syntax or DOMAIN\LOGIN syntax.
  • The LOGIN value above can be retrieved from an attribute held on the User object in the main User directory. If no attribute is defined, the User DN is used.
  • For extra security, the Password and Username used for the main User repository are encrypted using a 16-byte key.
  • The properties file supports as many [server] sections as you want to check the password synchronization.

Properties file

[program]
ERROR_CODES = ./errors.ini

[main]
NAME = CentOS VM eDirectory
HOSTNAME = 192.168.174.10
PORT = 636
USERNAME = X8gBJzLauRkDuoHR68Fo/ikCtYBy4fZWm6hhGCbDlCQ=
PASSWORD = AHuoo1UkLJUtIYPg8teFjQ==
TREE_NAME = IDVAULT
LDAP_BASE = o=belkast
LDAP_QUERY = (uid=KARMST)
LDAP_SCOPE = sub
LDAP_TIMEOUT = 10000
SSL = true
DEBUG = true
CACERTS = ./keith.jks
LOG_FILE = ./passwords.log
LOG_PASSWORD = true

[server]
TYPE = AD
HOSTNAME = 192.168.174.20
PORT = 389
SSL = false
LOGIN_ATTR = uid
LOGIN_TYPE = domain
domain = CORP
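
The settings in a file like the one above can be checked before a run. The following Python script is an added example, not part of the Belkast utility: it parses a constructed sample in the same format, keeping every repeated [server] section, and flags clear-text connections and password logging. It assumes that LOG_PASSWORD = true writes passwords to LOG_FILE and treats a missing SSL key as clear text; parse_sections and audit are hypothetical names.

```python
# Constructed sample in the page's format: one [main], repeated [server] sections.
SAMPLE = """\
[main]
HOSTNAME = 192.168.174.10
PORT = 636
SSL = true
LOG_FILE = ./passwords.log
LOG_PASSWORD = true

[server]
HOSTNAME = 192.168.174.20
PORT = 389
SSL = false

[server]
HOSTNAME = 192.168.174.21
PORT = 636
SSL = true
"""

def parse_sections(text):
    """Return [(section_name, {KEY: value})], keeping every repeated section."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 values end in '='
            sections[-1][1][key.strip().upper()] = value.strip()
    return sections

def audit(text):
    """Return findings as (section, host:port, issue) tuples."""
    findings = []
    for name, opts in parse_sections(text):
        host = f"{opts.get('HOSTNAME', '?')}:{opts.get('PORT', '?')}"
        # Assumption: a missing SSL key is treated as a clear-text connection.
        if opts.get("SSL", "false").lower() != "true":
            findings.append((name, host, "clear-text LDAP: bind password is sent unencrypted"))
        # Assumption: LOG_PASSWORD = true means passwords are written to LOG_FILE.
        if opts.get("LOG_PASSWORD", "false").lower() == "true":
            findings.append((name, host, f"passwords written to {opts.get('LOG_FILE', 'the log')}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```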

Examples

java -jar ./dist/verifyPassword.jar --props props_GDS.ini --key IanLovesCrackers

### password changer & sync verifier ###
### version: 09.10.15.001 ###
### belkast consulting (c) 2015 ###
### email: keith@belkast.com ###

### Read [1] server(s) from props.ini ###
### Connecting to CentOS VM eDirectory
### Running query: filter [(uid=KARMST)], scope [sub], base [o=belkast] ###
### Query returned 1 result(s) ###

@@@ Processing new User Object @@@
@@@ [cn=KARMST,ou=ACTIVE,ou=USERS,o=BELKAST] @@@
### Get pwd for [cn=KARMST,ou=ACTIVE,ou=USERS,o=BELKAST] ###
### Got pwd length {10} ###
### [1 of 1] Logging in to [192.168.174.20:389] ###
### [1 of 1] Logging in as [CORP\KARMST] ###

java -jar ./dist/verifyPassword.jar --encrypt cn=admin,ou=users,ou=admin,o=belkast --key IanLovesCrackers

### password changer & sync verifier ###
### version: 09.10.15.001 ###
### belkast consulting (c) 2015 ###
### email: keith@belkast.com ###

### Key to use: IanLovesCrackers
### Encrypting value: cn=admin,ou=users,ou=admin,o=belkast
### Encrypted value: /TjqHUFnIZq6vtRKWa0G4p+Koq/8mjb3ml+7tfE4AWb4/PXy1XDAGQmLXS7yClYp
### Decrypted value: cn=admin,ou=users,ou=admin,o=belkast