====== ldif2passwd.pl ======

This Perl-Script helps you to build a passwd file from your LDAP data. This is useful to feed it into a password cracker (like [[http://www.openwall.com/john/|john]]) to test for weak passwords.

It's just a quick hack. Only passwords are Base64 decoded to decode other fields as well hacke the source.

<code perl>
#!/usr/bin/perl
use MIME::Base64;

my %user;
while (<>){
  $line = $_;

  #skip comments
  next if($line =~ m/^#/);

  #trim whitespaces
  $line =~ s/\s*$//;
  $line =~ s/^\s*//;

  if($line eq ''){
    # print old user
    if($user{'login'} ne ''){
      print join(':',$user{'login'},
                     $user{'pass'},
                     $user{'uid'},
                     $user{'gid'},
                     $user{'gecos'},
                     $user{'home'},
                     $user{'shell'});
      print "\n";
    }
    # initialize new user
    %user = ();
    next
  }

  if($line =~ m/^uidNumber(::?) (.*)/i){
    $user{'uid'}   = $2;
  }if($line =~ m/^userPassword(::?) (.*)/i){
    if($1 eq '::'){
      $user{'pass'}=  decode_base64($2);
      $user{'pass'}=~ s/{.*}//;
    }else{
      $user{'pass'}= $2;
    }
  }elsif($line =~ m/^uid(::?) (.*)/i){
    $user{'login'} = $2;
  }elsif($line =~ m/^gidNumber(::?) (.*)/i){
    $user{'gid'}   = $2
  }elsif($line =~ m/^gecos(::?) (.*)/i){
    $user{'gecos'} = $2
  }elsif($line =~ m/^loginShell(::?) (.*)/i){
    $user{'home'}  = $2
  }elsif($line =~ m/^homeDirectory(::?) (.*)/i){
    $user{'shell'} = $2
  }
}
</code>

**Usage:**

  $> ldapsearch -L -D 'cn=admin,dc=foo,dc=bar' -w pass -x -b 'ou=people,dc=foo,dc=bar' 'objectclass=posixAccount' |\
     perl ldif2passwd.pl > passwd.1