Announcement Announcement Module
Collapse
No announcement yet.
How to set the encoding for password field on ldap? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • piloud
    started a topic How to set the encoding for password field on ldap?

    How to set the encoding for password field on ldap?

    Hello, there,

    Our system has something like this:

    ldap.url=ldap://xx.xx.xx.xx:389
    ldap.base=dc=mycompany,dc=com
    ldap.username=cn=Namefield
    ldap.password=xxx

    When I prepopulated all our user data from our oracle database, the password encoding is using MD5 (since our oacle database system is using that). And Everthing is working fine there.

    But when I provide a webpage and let use modify their password from a webpage and doing below:
    --------------------------------------------------------------------
    DirContextOperations context = ldapTemplate.lookupContext(buildDn(cnName));
    context.setAttributeValue("userPassword",cform.get NewPassword());
    ldapTemplate.modifyAttributes(context);

    ---------------------------------------------------------------------

    The password encoding has gone (no longer encoding by MD5) and become clear if I view them from phpLDAPadmin.

    Is there anything I can do to enforce the encoding when I modify the password Attribute, or I should not using modifyAttribute to change password??

    Anyone who has any suggestion?? Or anyone who experience this before??

    Thanks for your time!!

  • piloud
    replied
    Thanks ulsa

    ulsa,

    This is awesome, thank you so much for your help!!

    Best,

    piloud

    Leave a comment:


  • ulsa
    replied
    Unless you can tell your LDAP server to automatically hash the passwords, you must do it yourself. Try something like this:

    Code:
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    ...
    import sun.misc.BASE64Encoder;
    ...
    
          DirContextOperations context = ldapTemplate.lookupContext(buildDn(cnName));
          context.setAttributeValue("userPassword", digestMd5(cform.getNewPassword()));
          ldapTemplate.modifyAttributes(context);
       }
    
       private String digestMd5(final String password) {
          String base64;
          try {
             MessageDigest digest = MessageDigest.getInstance("MD5");
             digest.update(password.getBytes());
             base64 = new BASE64Encoder().encode(digest.digest());
          }
          catch (NoSuchAlgorithmException e) {
             throw new RuntimeException(e);
          }
          return "{MD5}" + base64;
       }

    Leave a comment:


  • rledousa
    replied
    I forgot to write that by using the extended op, the LDAP server takes care of encoding the password using whatever method it's configured to use. It's transparent to you.

    Leave a comment:


  • rledousa
    replied
    I found the best way to do that was to use anLDAP extended operation to change the password (assuming your directory server supports it. Most do nowadays). It's somewhat complicated, but I was able to find sample PasswordChangeRequest and PasswordChangeResponse classes which helped me figure it out. Google those two words.

    Hope that helps
    roy

    Leave a comment:

Working...
X