How to set the encoding for password field on ldap?

piloud

Junior Member

Join Date: Mar 2008

Posts: 12
#1

How to set the encoding for password field on ldap?

Jul 21st, 2008, 01:21 PM

Hello, there,

Our system has something like this:

ldap.url=ldap://xx.xx.xx.xx:389
ldap.base=dc=mycompany,dc=com
ldap.username=cn=Namefield
ldap.password=xxx

When I prepopulated all our user data from our oracle database, the password encoding is using MD5 (since our oacle database system is using that). And Everthing is working fine there.

But when I provide a webpage and let use modify their password from a webpage and doing below:
--------------------------------------------------------------------
DirContextOperations context = ldapTemplate.lookupContext(buildDn(cnName));
context.setAttributeValue("userPassword",cform.get NewPassword());
ldapTemplate.modifyAttributes(context);

---------------------------------------------------------------------

The password encoding has gone (no longer encoding by MD5) and become clear if I view them from phpLDAPadmin.

Is there anything I can do to enforce the encoding when I modify the password Attribute, or I should not using modifyAttribute to change password??

Anyone who has any suggestion?? Or anyone who experience this before??

Thanks for your time!!
Tags: None
rledousa

Junior Member

Join Date: Mar 2008

Posts: 19
#2

Jul 21st, 2008, 03:10 PM

I found the best way to do that was to use anLDAP extended operation to change the password (assuming your directory server supports it. Most do nowadays). It's somewhat complicated, but I was able to find sample PasswordChangeRequest and PasswordChangeResponse classes which helped me figure it out. Google those two words.

Hope that helps
roy
Comment
rledousa

Junior Member

Join Date: Mar 2008

Posts: 19
#3

Jul 21st, 2008, 03:11 PM

I forgot to write that by using the extended op, the LDAP server takes care of encoding the password using whatever method it's configured to use. It's transparent to you.
Comment

ulsa

Senior Member

Join Date: Jul 2005
Posts: 503

Ulrik Sandberg
Jayway (www.jayway.com)
Spring LDAP project member

Jul 22nd, 2008, 04:50 PM

Unless you can tell your LDAP server to automatically hash the passwords, you must do it yourself. Try something like this:

Code:

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
...
import sun.misc.BASE64Encoder;
...

      DirContextOperations context = ldapTemplate.lookupContext(buildDn(cnName));
      context.setAttributeValue("userPassword", digestMd5(cform.getNewPassword()));
      ldapTemplate.modifyAttributes(context);
   }

   private String digestMd5(final String password) {
      String base64;
      try {
         MessageDigest digest = MessageDigest.getInstance("MD5");
         digest.update(password.getBytes());
         base64 = new BASE64Encoder().encode(digest.digest());
      }
      catch (NoSuchAlgorithmException e) {
         throw new RuntimeException(e);
      }
      return "{MD5}" + base64;
   }

Comment

piloud

Junior Member

Join Date: Mar 2008

Posts: 12
#5

Jul 22nd, 2008, 05:24 PM

Thanks ulsa

ulsa,

This is awesome, thank you so much for your help!!

Best,

piloud
Comment