
  • Reading user password in openLDAP

    Hi,
    I have to check a person's login credentials.
    I am not able to read the userPassword field stored in a person type object in LDAP.

    I am able to read all the other fields, but when I try to access the userPassword field it gives a "class cast exception" when I typecast it to String like all the others.

    Thanks in Advance


    Amol

  • #2
    You probably won't be able to get the user password in clear text; it'll most likely be encrypted.

    If you want to authenticate a user you'll have to try to connect using the user's credentials. Check out this thread for some tips on how to do that.



    • #3
      Thanks, I was doing a POC and managed to retrieve the value in a byte array.



      • #4
        Do not read password at all

        Reading passwords on the client side is bad practice anyway. Instead, you should try binding with the user's DN and the supplied password.
        Basically, what you need to do is the following:

        1) perform a search for the LDAP record that matches the supplied username (either in the cn attribute or uid - depends how data is organized in your LDAP)
        2) retrieve the DN of that record
        3) open a new connection and try to connect as that DN with the supplied password
        4) if all is OK - the password is correct - if you cannot connect -> bad password.

        hope this helps.



        • #5
          Originally posted by dmadunic
          Reading passwords on the client side is bad practice anyway. Instead, you should try binding with the user's DN and the supplied password.
          Basically, what you need to do is the following:

          1) perform a search for the LDAP record that matches the supplied username (either in the cn attribute or uid - depends how data is organized in your LDAP)
          2) retrieve the DN of that record
          3) open a new connection and try to connect as that DN with the supplied password
          4) if all is OK - the password is correct - if you cannot connect -> bad password.

          hope this helps.
          Isn't that also known as "search and bind"? At least that is what I get when I read the Apache docs on using LDAP for AA.



          • #6
            Correct ;-)

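The "search and bind" steps from posts #4 and #5, written out in plain JNDI as an added example (it is not code from anyone in the thread). The server URL, search base, the `uid` attribute and the anonymous search connection are assumptions; the empty-password check and the single-match check are additions that keep an unauthenticated bind or an ambiguous username from counting as a successful login.

```java
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;

public class SearchAndBind {
    // Assumed values: replace with your directory's URL and search base.
    // LDAPS is used because a simple bind sends the password to the server as-is.
    static final String URL = "ldaps://ldap.example.com:636";
    static final String BASE = "ou=people,dc=example,dc=com";

    // Opens a connection; dn == null means an anonymous connection for the search.
    static DirContext connect(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        if (dn != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }

    static boolean authenticate(String username, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind and
        // can succeed on some servers, so it must never count as a login.
        if (password == null || password.isEmpty()) return false;
        String dn;
        DirContext search = connect(null, null);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Steps 1-2: {0} is filled in by JNDI, which escapes filter metacharacters.
            NamingEnumeration<SearchResult> hits =
                search.search(BASE, "(uid={0})", new Object[] { username }, sc);
            if (!hits.hasMore()) return false;        // unknown user
            dn = hits.next().getNameInNamespace();    // full DN of the entry
            if (hits.hasMore()) return false;         // ambiguous match: refuse
        } finally {
            search.close();
        }
        try {
            connect(dn, password).close();            // step 3: bind as the user
            return true;                              // step 4: password is correct
        } catch (AuthenticationException e) {
            return false;                             // step 4: bad password
        }
    }
}
```

Connection failures and other `NamingException`s are deliberately propagated to the caller, so an unreachable server is reported as an error and not as a wrong password.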