Skip to main content
Belkast
Belkast
  1. Posts/

Password Verifier / Setter

Custom Solutions Java
Table of Contents

Belkast Consulting has developed a Java command line utility to assist Micro Focus Identity Management customers feel confident that password synchronization is working.

Functionality
#

  • Reset a Users password as either the admin or as the User.
    • For compliant password policies in eDirectory, this will either set the password expired or not expired.
  • Supports both SSL and clear text connections.
  • All tasks work on the result of an LDAP Query:
    • It is therefore possible to reset the password on multiple accounts
    • It is also possible to verify password synchronization for multiple accounts at once
  • Supports any LDAP v3 compliant directory
    • Active Directory, eDirectory, Oracle Internet Directory, openLDAP
    • For Active Directory, login verification can use either LDAP DN syntax or DOMAIN\\LOGIN syntax
    • The LOGIN value can be retrieved from an attribute on the User object. If no attribute value is defined, the User DN is used
  • For additional security, in the configuration file, the Password and the Username are encrypted using a 16 byte key
  • The configuration file supports multiple [server] sections

Properties file
#

‘‘’text [program] ERROR_CODES = ./errors.ini

[main] NAME = CentOS VM eDirectory HOSTNAME = 192.168.174.10 PORT = 636 USERNAME = X8gBJzLauRkDuoHR68Fo/ikCtYBy4fZWm6hhGCbDlCQ= PASSWORD = AHuoo1UkLJUtIYPg8teFjQ== TREE_NAME = IDVAULT LDAP_BASE = o=belkast LDAP_QUERY = (uid=KARMST) LDAP_SCOPE = sub LDAP_TIMEOUT = 10000 SSL = true DEBUG = true CACERTS = ./keith.jks LOG_FILE = ./passwords.log LOG_PASSWORD = true

[server] TYPE = AD HOSTNAME = 192.168.174.20 PORT = 389 SSL = false LOGIN_ATTR = uid LOGIN_TYPE = domain domain = CORP ’’’

Examples
#

java -jar ./dist/verifyPassword.jar –props props_GDS.ini –key IanLovesCrackers

### password changer & sync verifier ###
### version: 09.10.15.001 ###
### belkast consulting © 2015 ###
### email: keith@belkast.com ###

### Read

\[1\]

server(s) from props.ini ###
### Connecting to CentOS VM eDirectory
### Running query: filter

\[(uid=KARMST)\]

, scope

\[sub\]

, base

\[o=belkast\]

###
### Query returned 1 result(s) ###

@@@ Processing new User Object @@@
@@@

\[cn=KARMST,ou=ACTIVE,ou=USERS,o=BELKAST\]

@@@
### Get pwd for

\[cn=KARMST,ou=ACTIVE,ou=USERS,o=BELKAST\]

###
### Got pwd length {10} ###
###

\[1 of 1\]

Logging in to

\[192.168.174.20:389\]

###
###

\[1 of 1\]

Logging in as

\[CORP\\KARMST\]

###

java -jar ./dist/verifyPassword.jar –encrypt cn=admin,ou=users,ou=admin,o=belkast –key IanLovesCrackers

### password changer & sync verifier ###
### version: 09.10.15.001 ###
### belkast consulting © 2015 ###
### email: keith@belkast.com ###

### Key to use: IanLovesCrackers
### Encrypting value: cn=admin,ou=users,ou=admin,o=belkast
### Encrypted value: /TjqHUFnIZq6vtRKWa0G4p+Koq/8mjb3ml+7tfE4AWb4/PXy1XDAGQmLXS7yClYp
### Decrypted value: cn=admin,ou=users,ou=admin,o=belkast