Hi everybody,
Today I'll show you more about OID password policies.
1-Check if it is encrypted:
[oracle@thiagoserver ~]$ ldapsearch -p 6501 -D cn=orcladmin -w ***** -b " " "uid=superthiagoleoncio" userpassword
Return:
cn=superthiagoleoncio,cn=Users,dc=thiago,dc=leoncio,dc=com
userpassword={SSHA}X9+5VDn2cjY/i81Sg4A4tzoDWymWxzi6crMzYA==
2-Check the related policy:
ldapsearch -p 3060 -q -D "cn=orcladmin" -b "cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=thiago,dc=leoncio,dc=com" -s base "objectclass=*" orclpwdencryptionenable
Return:
orclpwdencryptionenable=1
3-To decrypt, run this ldapmodify command:
ldapmodify -p 3060 -D cn=orcladmin -w ***** <<EOF
dn: cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=thiago,dc=leoncio,dc=com
changetype: modify
replace: orclpwdencryptionenable
orclpwdencryptionenable: 0
EOF
4-Then search the userpassword again:
[oracle@thiagoserver ~]$ ldapsearch -p 6501 -D cn=orcladmin -w ***** -b " " "uid=superthiagoleoncio" userpassword
Return:
cn=superthiagoleoncio,cn=Users,dc=thiago,dc=leoncio,dc=com
userpassword=blablabla12345
NOTE: Alternatively, if you are enabling encryption (orclpwdencryptionenable=1) and users were provisioned before you set orclpwdencryptionenable,
all users must reset their passwords to trigger the generation of the encrypted value.
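The check in steps 1 and 4 can be run across many entries as an audit. The script below is an added example, not part of the original post: it reads ldapsearch output in the format shown above and reports, per DN, whether userpassword carries a scheme prefix such as {SSHA} or is stored in cleartext, without printing the value. The function names and the sample entries are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report the storage scheme of each
# userpassword value in ldapsearch output without printing the value itself.
# Assumption: Oracle-style output as in steps 1 and 4, where an entry is its DN
# line followed by "userpassword=<value>", and no other attribute was requested.

# Prints "<dn><TAB><scheme>"; scheme is the {PREFIX} name or CLEARTEXT.
classify_userpassword() {
  awk '
    /^[ \t]*$/ { next }                            # skip blank separators
    tolower($0) ~ /^userpassword=/ {
      val = substr($0, index($0, "=") + 1)         # keep "=" padding inside the value
      if (match(val, /^[{][A-Za-z0-9_-]+[}]/))
        scheme = toupper(substr(val, 2, RLENGTH - 2))
      else
        scheme = "CLEARTEXT"                       # no scheme prefix: stored as typed
      printf "%s\t%s\n", dn, scheme
      next
    }
    { dn = $0 }                                    # any other line is the entry DN
  '
}

# Prints how many entries hold a cleartext userpassword.
count_cleartext() {
  classify_userpassword | awk -F '\t' '$2 == "CLEARTEXT" { n++ } END { print n + 0 }'
}

# Constructed sample input; the DNs and values are placeholders, not real data.
SAMPLE='cn=alice,cn=Users,dc=example,dc=com
userpassword={SSHA}Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=

cn=bob,cn=Users,dc=example,dc=com
userpassword=constructed-cleartext-value

cn=carol,cn=Users,dc=example,dc=com
userPassword={sha}Q09OU1RSVUNURUQ='

printf '%s\n' "$SAMPLE" | classify_userpassword
echo "cleartext entries: $(printf '%s\n' "$SAMPLE" | count_cleartext)"
```

In practice, pipe the real ldapsearch output into classify_userpassword instead of the sample, so the password values never reach the terminal or a log file.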
I hope this article will be helpful for you guys,
Thiago Leoncio.