Getting Password from User object via LDAP

Gary · Aug 27, 2003

Does anyone know how, when using the default schema and
user object, you can use LDAP v3 to obtain the
userPassword? I assume it will be hashed. If yes, what
hash is used?

Thanks,

Gary

Joe Richards [MVP] · Aug 27, 2003

Active Directory will not divulge the password or hash when queried via LDAP. You would have to hack into the LSASS by
injecting a dll into the process in order to get anything.

Gary · Aug 27, 2003

Thanks. I've also concluded that you cannot do an LDAP
compare against the 'userPassword' attribute. So, I assume
the best approach to determine if the password is valid is
to attempt to bind with the user's dn and password?

-----Original Message-----
Active Directory will not divulge the password or hash

when queried via LDAP. You would have to hack into the
LSASS by

Joe Richards [MVP] · Aug 29, 2003

LOL. I have been 100% wrong on several occasions as well.

p

--
Joe Richards
www.joeware.net

Matjaz Ladava [MVP] · Aug 29, 2003

Ok, then next time I'll say, that Joe is 100% right most of the time, but
sometimes (rarely) 100% wrong :-)

)))

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com

Joe Richards [MVP] · Aug 29, 2003

p

--
Joe Richards
www.joeware.net

--

Matjaz Ladava said:
Ok, then next time I'll say, that Joe is 100% right most of the time, but
sometimes (rarely) 100% wrong )))

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com

Getting Password from User object via LDAP

Gary

Joe Richards [MVP]

Gary

Joe Richards [MVP]

Matjaz Ladava [MVP]

Joe Richards [MVP]