Belkast Consulting has developed a Java command line utility to help Micro Focus Identity Management customers feel confident that password synchronization is working.
Functionality
- Reset a User's password as either the admin or as the User.
- For compliant password policies in eDirectory, this will set the password to either expired or not expired.
- Supports both SSL and clear text connections.
- All tasks work on the result of an LDAP Query:
  - It is therefore possible to reset the password on multiple accounts
  - It is also possible to verify password synchronization for multiple accounts at once
- Supports any LDAP v3 compliant directory
  - Active Directory, eDirectory, Oracle Internet Directory, openLDAP
- For Active Directory, login verification can use either LDAP DN syntax or DOMAIN\LOGIN syntax
  - The LOGIN value can be retrieved from an attribute on the User object. If no attribute value is defined, the User DN is used
- For additional security, the Password and the Username in the configuration file are encrypted using a 16-byte key
- The configuration file supports multiple [server] sections
Properties file
ERROR_CODES = ./errors.ini
[main]
NAME = CentOS VM eDirectory
HOSTNAME = 192.168.174.10
PORT = 636
USERNAME = X8gBJzLauRkDuoHR68Fo/ikCtYBy4fZWm6hhGCbDlCQ=
PASSWORD = AHuoo1UkLJUtIYPg8teFjQ==
TREE_NAME = IDVAULT
LDAP_BASE = o=belkast
LDAP_QUERY = (uid=KARMST)
LDAP_SCOPE = sub
LDAP_TIMEOUT = 10000
SSL = true
DEBUG = true
CACERTS = ./keith.jks
LOG_FILE = ./passwords.log
LOG_PASSWORD = true
[server]
TYPE = AD
HOSTNAME = 192.168.174.20
PORT = 389
SSL = false
LOGIN_ATTR = uid
LOGIN_TYPE = domain
domain = CORP
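A pre-flight check for a properties file like the one above, as an added example that is not part of the Belkast utility: it parses the file, keeping each repeated [server] section separate, and reports any server whose bind would travel in clear text and any section with password logging switched on. The function names are hypothetical, and two behaviours are assumed because the page does not define them: a connection section without SSL = true is clear text, and LOG_PASSWORD = true writes passwords to LOG_FILE.

```python
# Added example, not part of the utility. SAMPLE is a constructed file that
# reuses the key names from the properties file above.
SAMPLE = """\
ERROR_CODES = ./errors.ini
[main]
HOSTNAME = 192.168.174.10
PORT = 636
SSL = true
LOG_FILE = ./passwords.log
LOG_PASSWORD = true
[server]
TYPE = AD
HOSTNAME = 192.168.174.20
PORT = 389
SSL = false
[server]
HOSTNAME = 192.168.174.30
PORT = 636
SSL = true
"""

def parse_props(text):
    """Return [(section, settings)] in file order; every repeated [server]
    header opens a new section (configparser raises DuplicateSectionError)."""
    sections = [("", {})]  # keys that precede any header, e.g. ERROR_CODES
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and not line.startswith(("#", ";")):
            key, value = line.split("=", 1)  # split once: base64 values end in "="
            sections[-1][1][key.strip().upper()] = value.strip()
    return sections

def audit(sections):
    """Flag clear-text binds and password logging, one finding per line."""
    findings = []
    for name, cfg in sections:
        where = f"[{name}] {cfg.get('HOSTNAME', '?')}:{cfg.get('PORT', '?')}"
        # Assumption: a connection section without SSL = true is clear text.
        if name in ("main", "server") and cfg.get("SSL", "").lower() != "true":
            findings.append(f"{where}: SSL off, bind password crosses the network in clear text")
        # Assumption: LOG_PASSWORD = true writes passwords to LOG_FILE.
        if cfg.get("LOG_PASSWORD", "").lower() == "true":
            findings.append(f"{where}: LOG_PASSWORD on, protect {cfg.get('LOG_FILE', 'the log')}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_props(SAMPLE))))
```

Keys are upper-cased on load, so a mixed-case entry such as `domain = CORP` is read back as `DOMAIN`.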
Examples
java -jar ./dist/verifyPassword.jar –props props_GDS.ini –key IanLovesCrackers
### password changer & sync verifier ###
### version: 09.10.15.001 ###
### belkast consulting © 2015 ###
### email: keith@belkast.com ###
### Read [1] server(s) from props.ini ###
### Connecting to CentOS VM eDirectory
### Running query: filter [(uid=KARMST)], scope [sub], base [o=belkast] ###
### Query returned 1 result(s) ###
@@@ Processing new User Object @@@
@@@ [cn=KARMST,ou=ACTIVE,ou=USERS,o=BELKAST] @@@
### Get pwd for [cn=KARMST,ou=ACTIVE,ou=USERS,o=BELKAST] ###
### Got pwd length {10} ###
### [1 of 1] Logging in to [192.168.174.20:389] ###
### [1 of 1] Logging in as [CORP\KARMST] ###
java -jar ./dist/verifyPassword.jar –encrypt cn=admin,ou=users,ou=admin,o=belkast –key IanLovesCrackers
### password changer & sync verifier ###
### version: 09.10.15.001 ###
### belkast consulting © 2015 ###
### email: keith@belkast.com ###
### Key to use: IanLovesCrackers
### Encrypting value: cn=admin,ou=users,ou=admin,o=belkast
### Encrypted value: /TjqHUFnIZq6vtRKWa0G4p+Koq/8mjb3ml+7tfE4AWb4/PXy1XDAGQmLXS7yClYp
### Decrypted value: cn=admin,ou=users,ou=admin,o=belkast