Thanks you very much.
My passwords are SSHA encoded so I compiled a patched JtR.
Just for the record, I first used ldapsearch to export the
userid:userPassword tuples in a file and was trapped by
the base64 encoding of SSHA passwords.
Using the Net::LDAP perl module to generate this file works great.
On Wednesday 06 December 2006 15:25, Cleber P. de Souza wrote:
Another option is export you ldap user password on the form
userid:userPassword for a file and use John the Ripper to try crack
Weaks passwords are shown on few minutes.
If your password is on SSHA format, you'll need apply a patch on the JtR.
On 12/4/06, Thierry Lacoste <lacoste(a)univ-paris12.fr> wrote:
> I'm running OpenLDAP 2.3.24 on a production server.
> As I was in a hurry and discovering LDAP when I installed it,
> I didn't enforce any password policy.
> Now I would like to identify weak passwords to warn their
> users. What are my options?
> Best regards,