Export IAM user accounts (with passwords) into LDAP

Question

I have a blank LDAP account and want to import all the IAM user accounts to LDAP and keep the LDAP in sync with IAM (not the other way around using federation). Is this possible? I need a LDIF file with IAM username and passwords to import into LDAP. Or a csv file?? If there is way to do this using awscli I can write a sync script. Or this is possible using aws directory services? Please advise.

Thanks!!

It's pretty much unthinkable that IAM would store cleartext passwords or with reversible encryption. — Michael - sqlbot, Jan 27 '16 at 23:20
true. I was hoping aws directory services can map the IAM users internally. — user5095359, Jan 28 '16 at 14:53

score 0 · Answer 1 · answered Mar 16 '16 at 23:01

0

There is no API call that can extract passwords from IAM User objects.

You would need to use an external authentication method and then use Federation to give them access to AWS.

answered Mar 16 '16 at 23:01

John Rotenstein

821
6
16

Export IAM user accounts (with passwords) into LDAP

1 Answers1