Not all of the supported encryption methods are 1 way. We are using
iMASK. When I do an ldapsearh through the tree with administrator
priviliges, I can view the passwords in clear text, even though the
same passwords are encrypted in an ldif file.

If you are using iMASK encryption, you should be able to load the ldif
into another LDAP server, and ldapsearch for the object and get the
password out in clear text.

On Tue, 01 Apr 2003 09:24:29 -0800, "Michael Vilain
<vilainspamcop.net>" wrote:
>In article <3e882d1a$0$49105$e4fe514cnews.xs4all.nl>,
> "Louis" <nospamnospam.nl> wrote:
>
>> I exported my local LDAP database (used with enterprise server 3.61) to an
>> ldiff export file. The passwords in the file are encrypted. How do I decrypt
>> these password ?
>
>You can't. The passwords are a 1-way hash. You can "crack" them by
>doing a brute-force comparison against a dictionary of common passwords
>or various permutations on their name, username, and initials but you
>can't convert the existing password to clear text.
>
>Nice try.