Recommendations for storing LDAP passwords?

    I was wondering if anyone had some recommendations when it comes to storing passwords in enterprise environments.

    When using container-managed security with LDAP, the password used to connect to LDAP is stored/protected by the container (and not my problem). I would like to use Spring Security's LDAP authentication, but then I end up with a password in cleartext.
    Some of our customers have strict security policies that prohibit storing cleartext passwords, and I would like to be able to comply.


  • #2
    For all of my infrastructure-level passwords (DBs, LDAPs, JMS, etc.), I always keep the configured passwords encrypted in the configs. I then decrypt the passwords during the creation of those infrastructure-level beans before setting the clear-text password in the bean. There are several ways of decrypting the passwords, depending on how you configure your beans. For example, a bean post processor would work for all config styles (e.g. XML and Java-based config). If you use Java-based config (@Bean), then you can decrypt the passwords before setting your password property. For the encryption/decryption, I use the Bouncy Castle crypto library. You could also use Spring Security's crypto module.
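    An added example (not code from the thread) of the Java-config variant described in #2, using Spring Security's crypto module: the LDAP bind password is kept encrypted in the properties file and decrypted only while the context-source bean is built. The property names, the `LDAP_CONFIG_KEY` environment variable and the `encryptForConfig` helper are assumptions made for this example.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.crypto.keygen.KeyGenerators;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;

@Configuration
public class LdapConfig {

    // Assumed property names; only ldap.password.encrypted and ldap.password.salt live in the file,
    // and neither reveals the bind password without the passphrase.
    @Value("${ldap.url}") private String ldapUrl;                        // e.g. ldap://ldap.example.test:389/dc=example,dc=test
    @Value("${ldap.userDn}") private String userDn;                      // bind DN used to search for users
    @Value("${ldap.password.encrypted}") private String encryptedPassword; // hex output of encryptForConfig(...)
    @Value("${ldap.password.salt}") private String salt;                 // hex salt, from KeyGenerators.string()

    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        // The passphrase is provisioned outside the config file (assumed env var) so that
        // file-level encryption is not just obfuscation with the key sitting next to it.
        String passphrase = System.getenv("LDAP_CONFIG_KEY");
        if (passphrase == null || passphrase.isEmpty()) {
            throw new IllegalStateException("LDAP_CONFIG_KEY is not set; cannot decrypt LDAP bind password");
        }
        // Encryptors.text() derives an AES key from the passphrase and salt (PBKDF2) and
        // hex-encodes the ciphertext; decrypt() gives back the clear-text bind password.
        TextEncryptor encryptor = Encryptors.text(passphrase, salt);
        String clearText = encryptor.decrypt(encryptedPassword);

        // The clear-text value exists only in this bean, never in the properties file.
        DefaultSpringSecurityContextSource cs = new DefaultSpringSecurityContextSource(ldapUrl);
        cs.setUserDn(userDn);
        cs.setPassword(clearText);
        return cs;
    }

    // One-time helper (assumed name) an operator runs to produce the two values for the properties file.
    // Returns {salt, encryptedPassword}; the salt must be the hex string Encryptors.text() expects.
    public static String[] encryptForConfig(String passphrase, String clearTextPassword) {
        String salt = KeyGenerators.string().generateKey();
        String encrypted = Encryptors.text(passphrase, salt).encrypt(clearTextPassword);
        return new String[] { salt, encrypted };
    }
}
```

    A rotated bind password only requires re-running `encryptForConfig` and replacing the two property values; the passphrase itself should be rotated and re-encrypted the same way if it is ever exposed.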