[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: batch encrypting passwords

Fernando Medina, Jr. wrote:
I have several users setup in a test environment...now they are about to
go into production and I need to change their password from cleartext to
crypt or something.  Cna someone tell me how to encrypt all of them at
once?  Using GQ for linux I can easily change password encrytpion, but
woudl like to do it all at once.  Thanks,

I think the easiest way is to use a scripting language to build an ldif file (and then apply it with ldapmodify).

Here's a snippet of python (won't work as is due to no parsing of input and no looping mechanism specified) that I use for constructing valid {crypt} entries. The second block of code should go inside a loop (where you've already parsed the input and assigned the plaintext password to the variable "plaintxt" and assigned the username to the variable "username"):

import crypt import random import string output = ''

  an = string.letters + string.digits
  salt = random.choice(an) + random.choice(an)
  pw = crypt.crypt(plaintxt, salt)
  output = output + "dn: uid=" + username + ",ou=People,dc=example,dc=com\n"
  output = output + "changetype: modify\n"
  output = output + "replace: userPassword\n"
  output = output + "userPassword: {crypt}" + pw + "\n\n"

outputfile = "cryptedpasses.ldif"
g = open(outputfile, "w")

Obviously perl (or any number of other languages) could be used instead.  Also, you can choose a different encryption mechanism ({md5}, {sha},...) if you wish.

	good luck,