Usage: java -jar DumpPasswordInformation.jar [ -dvAEL ] [ -h <host> ] [ -p <port> ]
-D <the DN of the object used for authentication> [ -w <bind password> ]
[ -b <baseDN> ] [ -Z <encrypted connection> ] [ -e <keystore> ] [ -f <LDIF-File> ]
[ -l <timelimit> ] [ -z <sizelimit> ] [ -S <searchAttribute> ] [ -V <searchValue> ]

    -d    If present, enable API debug output - Default=false
    -v    If present, enable verbose output - Default=false
    -A    If present, True if we should use ALL entries or false if to use a single entry - Default=false
    -E    If present, True Additional account information is provided - Default=false
    -L    If present, Print responses in LDIFv1 format that could be imported -Default=false
    -h    host name or IP address.  A port can  be specified with the host name as hostname:port, i.e. myhost:389.  
           See also the -p option - Default="localhost"
    -p    host IP port number.  See also the -h option - Default=389
    -D    cn=admin,ou=administration,dc=com - Required Argument
    -w    the password for the DN of the object used for authentication - Default=" "
    -b    the baseDN where entries are or the FDN of a single entry - Default=""
    -Z    sets the type of encrypted connection. 
            SSL   - Establishes an encrypted connection using SSL. The default port is 636.
            TLS   - Establishes an encrypted connection using TLS - Default="TLS"
    -e    Path to a Java Keystore.  A valid certificate in the keystore enables an encrypted TLS connection.  See also the -Z option. - Default=""
    -f    Complete path to LDIF File for output - Default="dumppasswordinformation.ldif"
    -l    limit   time limit (in seconds) for connect or search - Default=30
    -z    size limit (in entries) for search - Default=10000
    -S    A LDAP attribute used to locate a single entry specified in the -V option. Requires the -A option - Default="cn"
    -V    The value to use with the -S attribute to locate a single entry specified in the -S option.Requires the -A option - Default=""

-d (debug)#

Selecting Debug will place additional information on the command-line. Overrides Verbose.

-v (verbose)#

Selecting Verbose will limit the output to errors encountered with the program operation. No output for user entries will be shown.

-A#

When used, the BaseDN value will serve as the BaseDN to start searching for all user entries below the value of the BaseDN. When NOT used, it is assumed the BaseDN provided is one user entry.

-E (Extra)#

When used, additional account information will be provided, including "Account Disabled", "Intruder Detected" and more.

-L (LDIF)#

When used, a file (see the -f <LDIF-File> option) will be created that allows re-importing the values for the accounts that are evaluated.

-h <host>#

Host DNS name or IP address. A port can be specified with the host name as hostname:port, e.g. myhost:389. See also the -p option - Default="localhost"

-D <the DN of the object used for authentication> #

The fully distinguished name in LDAP format:
 cn=admin,ou=administration,dc=com
Required Argument

-w <bind password> #

The password for the (-D entry) DN of the object used for authentication - Default=" "

-b <baseDN> #

The baseDN where entries are or the FDN of a single entry - Default=""

-Z <encrypted connection>#

Sets the type of encrypted connection. Must be one of:
  • SSL - Establishes an encrypted connection using SSL. The default port is 636.
  • TLS - Establishes an encrypted connection using TLS - Default="TLS"

-e <keystore> #

The Dump Password Information Tool uses a Fake Trust Manager for establishing TLS or SSL LDAP connections. The Fake Trust Manager can be used securely on internal networks unless you think someone is masquerading as your LDAP server. We cannot recommend using this tool across the Internet, period.
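For contrast, the sketch below shows the pattern commonly called a "fake" trust manager next to a validating setup that trusts only the certificates in a keystore. It is an added example, not the tool's own code. The class name LdapsTrustDemo, the argument order and the TRUSTSTORE_PASSWORD environment variable are assumptions made for the illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class LdapsTrustDemo {
    // Accept-all ("fake") trust manager, shown only for comparison: every chain
    // passes, so the session is encrypted but the server is never authenticated.
    static final X509TrustManager ACCEPT_ALL = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    // Validating alternative: trust only certificates anchored in the keystore.
    static TrustManager[] fromKeystore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    // Usage (assumed): java LdapsTrustDemo <host> <port> <keystore>
    // The keystore password is read from TRUSTSTORE_PASSWORD (assumed name).
    public static void main(String[] args) throws Exception {
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        char[] password = (pw == null) ? null : pw.toCharArray();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, fromKeystore(args[2], password), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS"); // also match the host name
            s.setSSLParameters(p);
            s.startHandshake(); // fails with SSLHandshakeException if not trusted
            System.out.println("Validated server: " + s.getSession().getPeerPrincipal());
        }
    }
}
```

Swapping ACCEPT_ALL into ctx.init would let the handshake succeed against any server presenting any certificate, which is the masquerading risk described above.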

-f <LDIF-File> #

The complete path to the LDIF file that is created when the -L option is used. The file allows re-importing the values for the accounts that are evaluated - Default="dumppasswordinformation.ldif"

-l <timelimit> #

The Time Limit is the amount of Time the Application will wait for the following operations:
  • To bind to the LDAP directory
  • For the Search for User Entries to return

-z <sizelimit> #

Enter the Limit for the number of users you will be evaluating. We provided this value for issues in really large trees of over 100,000 users. Most people can leave the value at the default.

-S <searchAttribute>#

The "Search Attribute" value can be used to perform searches for users that match the "Search Attribute"="Search Value".

-V <searchValue> #

The "Search Value" is the value matched against the "Search Attribute" when performing searches for users that match "Search Attribute"="Search Value".

Using an LDIF file#

The "-L" option will place the values into an LDIF file. If no file (-f) is specified, the file will be dumppasswordinformation.ldif in the directory where the application is run. You can use the -f option to give a full path, including file name, to any file you desire.

More Examples#

The following line:
  java -jar DumpPasswordInformation.jar -dvAL  -h 192.168.1.7  -z 3000 -Z SSL -D cn=jim,ou=butler,ou=people,dc=willeke,dc=com  -w <secret> -b dc=willeke,dc=com >passwords.ldif
will yield an LDIF file "dumppasswordinformation.ldif" with typical output similar to:
   dn: cn=sampson,ou=people,dc=willeke,dc=com
   changetype: modify
   replace: userpassword
   userpassword: x9vpu7bz
You could use this to back up passwords.

« This page (revision-6) was last changed on 28-Aug-2011 10:46 by jim