Re: OID accounts

From: Thierry PLASSART <thierry.plassart_at_wanadoo.fr>
Date: Thu, 20 Oct 2005 08:51:57 +0200
Message-ID: <43573e10$0$20167$8fcfb975_at_news.wanadoo.fr>


Thanks for your help Albe! It has been very useful! I agree that '- No unencrypted password is stored in OID, so you cannot retrieve them.'
but I was wondering where the API could be which should be able to de-scramble encrypted passwords (as the Oracle Directory Manager permits storing passwords that can be decrypted... (there's such a checkbox)). Does anyone have the algorithm?

"Laurenz Albe" <invite_at_spam.to.invalid> wrote in message
news:1129113521.905647_at_proxy.dienste.wien.at...

> TeePee <tplassart_at_yahoo.fr> wrote:
> > I have some troubles with OID accounts... Is there a tool (or PL/SQL code)
> > that could help retrieving account settings and password?
>
> Strictly speaking, there is no 'account' in LDAP, you can 'bind' (as the
> technical term goes) as any distinguished name if you have the permissions.
>
> You can use 'ldapsearch' to find all attributes of a person (I assume
> that you are looking for persons).
>
> Be sure that you use Oracle's ldapsearch.
>
> Examples:
>
> ldapsearch -D cn=orcladmin -w <password> -U 1 \
> -b '<distinguished name of the person>' -s base '(objectclass=person)'
>
> will list all attributes of this person.
>
> ldapsearch -D cn=orcladmin -w <password> -U 1 \
> -b '' -s sub '(objectclass=person)' ''
>
> will list the distinguished names of all persons in the directory.
>
> (The -U 1 option assumes that you have SSL set up. You can omit it if
> you don't mind sending your admin password over the net.)
>
> Two things that I should mention:
>
> - No unencrypted password is stored in OID, so you cannot retrieve them.
> - There is no entry 'cn=orcladmin' in OID. I think that this is a
> weirdness of OID. Does anybody have a clue why?
>
> Yours,
> Laurenz Albe
Received on Thu Oct 20 2005 - 08:51:57 CEST
