1

Topic: Decode ldap users passwords

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): iRedAdmin-Pro-LDAP-2.1.1
- Linux/BSD distribution name and version: CentOS release 5.5 (Final)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,
I'm trying to migrate users' accounts with passwords from ldap-server to another system. I have a text file ready with content similar to this:

uid=karol
userPassword:: e1NTSEF9ZnNGZy9ReFdudUswVWpDL2dTZ2tWRHBEMk5DbzQ5aEU= 

uid=test
userPassword:: e1NTSEF9dmFmU1hnS2RFT2ZtaWhtN3FvWWJZbUVvWGZYdW9Td0Z3TC9hS1E9PQ=

uid=karol 68 chars
uid=test 79 chars

After this I decode the "karol" password with the command:

echo e1NTSEF9ZnNGZy9ReFdudUswVWpDL2dTZ2tWRHBEMk5DbzQ5aEU= | openssl base64 -d 
{SSHA}fsFg/QxWnuK0UjC/gSgkVDpD2NCo49hE - expected SSHA string

but when I try the same trick with the "test" uid password I get a null answer:

echo e1NTSEF9dmFmU1hnS2RFT2ZtaWhtN3FvWWJZbUVvWGZYdW9Td0Z3TC9hS1E9PQ= | openssl base64 -d

Can you help with decoding the 79-char password string? Many thanks.


2

Re: Decode ldap users passwords

Usually I use Python to query LDAP and get the user account profile, including the password, and it's a string that starts with {SSHA} or {SSHA512} (depending on your encryption), so there is no need to call openssl for decoding.

3

Re: Decode ldap users passwords

When you use the base64 tool instead of openssl, the result is:

Input file incomplete.

It looks like the line with password was folded and the missing part is the second '=' character, which is used in base64 encoding for padding. When you append the '=', the string decodes correctly:

{SSHA}vafSXgKdEOfmihm7qoYbYmEoXfXuoSwFwL/aKQ==
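
Added example (not part of the original posts and not iRedMail code): a Python sketch for the export discussed in this thread that joins folded lines, restores padding cut off the end of a value, and splits each {SSHA} value into digest and salt. The function names and the folded layout of the second entry in SAMPLE are assumptions made for illustration; the two base64 values are the ones quoted above.

```python
import base64
import re

DIGEST_LEN = {"SSHA": 20, "SSHA512": 64}  # hash bytes that precede the salt

# Constructed sample: the page's two values, with the second one folded the
# way the reply suggests (its final '=' pushed onto a continuation line).
SAMPLE = """uid=karol
userPassword:: e1NTSEF9ZnNGZy9ReFdudUswVWpDL2dTZ2tWRHBEMk5DbzQ5aEU=

uid=test
userPassword:: e1NTSEF9dmFmU1hnS2RFT2ZtaWhtN3FvWWJZbUVvWGZYdW9Td0Z3TC9hS1E9PQ=
 =
"""

def unfold(text):
    """Join LDIF continuation lines (RFC 2849: they start with one space)."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def b64decode_repaired(value):
    """Decode base64, restoring trailing '=' padding if it was cut off."""
    value = value.strip()
    return base64.b64decode(value + "=" * (-len(value) % 4), validate=True)

def parse_user_password(value):
    """Return (stored, scheme, digest, salt) for a 'userPassword::' value."""
    stored = b64decode_repaired(value).decode("ascii")
    m = re.fullmatch(r"\{(SSHA|SSHA512)\}(\S+)", stored)
    if not m:
        raise ValueError("unsupported userPassword value: %r" % stored)
    raw = b64decode_repaired(m.group(2))
    n = DIGEST_LEN[m.group(1)]
    return stored, m.group(1), raw[:n], raw[n:]

def passwords(text):
    """Map each uid in the export to its parsed userPassword."""
    out, uid = {}, None
    for line in unfold(text):
        if line.startswith("uid="):
            uid = line[4:].strip()
        elif line.startswith("userPassword:: ") and uid:
            out[uid] = parse_user_password(line.split(":: ", 1)[1])
    return out
```

The differing salt lengths (4 bytes for "karol", 8 for "test") account for the different string lengths of the two entries.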