Belkast Consulting has developed a Java command line utility to help Micro Focus Identity Management customers feel confident that password synchronization is working.

Functionality

  • Reset a User's password as either the admin or as the User.
    • For compliant password policies in eDirectory, this sets the password as either expired or not expired.
  • Supports both SSL and clear text connections.
  • All tasks work on the result of an LDAP Query:
    • It is therefore possible to reset the password on multiple accounts
    • It is also possible to verify password synchronization for multiple accounts at once
  • Supports any LDAP v3 compliant directory
    • Active Directory, eDirectory, Oracle Internet Directory, OpenLDAP
    • For Active Directory, login verification can use either LDAP DN syntax or DOMAIN\LOGIN syntax
    • The LOGIN value can be retrieved from an attribute on the User object. If no attribute value is defined, the User DN is used
  • For additional security, the Password and the Username in the configuration file are encrypted using a 16-byte key
  • The configuration file supports multiple [server] sections

Properties file

[program]
ERROR_CODES = ./errors.ini

[main]
NAME = CentOS VM eDirectory
HOSTNAME = 192.168.174.10
PORT = 636
USERNAME = X8gBJzLauRkDuoHR68Fo/ikCtYBy4fZWm6hhGCbDlCQ=
PASSWORD = AHuoo1UkLJUtIYPg8teFjQ==
TREE_NAME = IDVAULT
LDAP_BASE = o=belkast
LDAP_QUERY = (uid=KARMST)
LDAP_SCOPE = sub
LDAP_TIMEOUT = 10000
SSL = true
DEBUG = true
CACERTS = ./keith.jks
LOG_FILE = ./passwords.log
LOG_PASSWORD = true

[server]
TYPE = AD
HOSTNAME = 192.168.174.20
PORT = 389
SSL = false
LOGIN_ATTR = uid
LOGIN_TYPE = domain
domain = CORP
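
A properties file like the one above can be checked before a run. The following added example (not part of the Belkast utility) parses the file, keeping repeated [server] sections, and reports servers that would be sent passwords over a clear text connection and sections that log passwords. The third server entry, the issue labels, and the reading of LOG_PASSWORD as writing password values to LOG_FILE are assumptions.

```python
# Added example (not Belkast code): audit a verifyPassword-style properties file.
# SAMPLE is constructed from the page's example, with a second [server] added.
SAMPLE = """\
[main]
HOSTNAME = 192.168.174.10
PORT = 636
SSL = true
LOG_FILE = ./passwords.log
LOG_PASSWORD = true
[server]
HOSTNAME = 192.168.174.20
PORT = 389
SSL = false
[server]
HOSTNAME = 192.168.174.30
PORT = 636
SSL = true
"""

def parse_sections(text):
    """Return [(name, {KEY: value})] in file order, keeping repeated sections."""
    # configparser is avoided: it raises DuplicateSectionError on a second [server].
    sections = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 values end in '='
            sections[-1][1][key.strip().upper()] = value.strip()
        else:
            raise ValueError(f"expected [section] or KEY = value, got {line!r}")
    return sections

def audit(text):
    """Return (section, location, issue) for each setting that exposes a password."""
    findings = []
    for name, kv in parse_sections(text):
        # Assumption: any value other than 'true' (or no SSL key) means clear text.
        if name in ("main", "server") and kv.get("SSL", "").lower() != "true":
            host = f"{kv.get('HOSTNAME', '?')}:{kv.get('PORT', '?')}"
            findings.append((name, host, "CLEARTEXT_BIND"))
        # Assumption: LOG_PASSWORD = true writes password values to LOG_FILE.
        if kv.get("LOG_PASSWORD", "").lower() == "true":
            findings.append((name, kv.get("LOG_FILE", "?"), "PASSWORD_LOGGED"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Run against the page's own file, this flags the [main] section for password logging and the AD server on port 389 for a clear text login.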

Examples

java -jar ./dist/verifyPassword.jar –props props_GDS.ini –key IanLovesCrackers

### password changer & sync verifier ###
### version: 09.10.15.001 ###
### belkast consulting © 2015 ###
### email: keith@belkast.com ###

### Read [1] server(s) from props.ini ###
### Connecting to CentOS VM eDirectory
### Running query: filter [(uid=KARMST)], scope [sub], base [o=belkast] ###
### Query returned 1 result(s) ###

@@@ Processing new User Object @@@
@@@ [cn=KARMST,ou=ACTIVE,ou=USERS,o=BELKAST] @@@
### Get pwd for [cn=KARMST,ou=ACTIVE,ou=USERS,o=BELKAST] ###
### Got pwd length {10} ###
### [1 of 1] Logging in to [192.168.174.20:389] ###
### [1 of 1] Logging in as [CORP\KARMST] ###

java -jar ./dist/verifyPassword.jar –encrypt cn=admin,ou=users,ou=admin,o=belkast –key IanLovesCrackers

### password changer & sync verifier ###
### version: 09.10.15.001 ###
### belkast consulting © 2015 ###
### email: keith@belkast.com ###

### Key to use: IanLovesCrackers
### Encrypting value: cn=admin,ou=users,ou=admin,o=belkast
### Encrypted value: /TjqHUFnIZq6vtRKWa0G4p+Koq/8mjb3ml+7tfE4AWb4/PXy1XDAGQmLXS7yClYp
### Decrypted value: cn=admin,ou=users,ou=admin,o=belkast