I believe have figured out the answer. I am sharing in the event anyone finds this post in the future.
In reading, I learned that slapcat extracts into LDIF format (LDAP Data Interchange Format).
The above, original example is no more than a SSHA password (a SHA-1 that includes a salt in the computation) that has been base64 encoded. Thus if you base64 decode it you are left with the original SSHA string:
I wrapped the echo'ing of the LDIF string into another echo "$( )" just to include a line return at the end.
...or if I put it all together:
...as an update: this worked once I used the 111 hash mode (-m 111).
In reading, I learned that slapcat extracts into LDIF format (LDAP Data Interchange Format).
The above, original example is no more than a SSHA password (a SHA-1 that includes a salt in the computation) that has been base64 encoded. Thus if you base64 decode it you are left with the original SSHA string:
Code:
# echo "$(echo e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI= | base64 --decode )"
{SSHA}oJoA7k05a1TRk81GjsCkN5A2mod5SlBBI wrapped the echo'ing of the LDIF string into another echo "$( )" just to include a line return at the end.
...or if I put it all together:
Code:
slapcat | grep "userPassword" | sed -e 's/userPassword:: //g' | while read ldifs; do echo "$( echo "$ldifs" | base64 --decode )"; done...as an update: this worked once I used the 111 hash mode (-m 111).