  • LDAP Login with SHA encryption

    Hello everybody

    I have an old Java web application with Acegi Security. I want to store the users' passwords in an LDAP database with SHA encryption.
    The new password is stored correctly SHA-encrypted in the LDAP database. The LDAP database only adds a BASE64 encoding.
    So now when I want to log in I always get a Bad credentials error.
    When I set the password through another application the login works; it also works with plain text.

    security.xml
    Code:
      <bean id="authenticationManager"
        class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
          <list>
            <ref local="ldapAuthenticationProvider" />
            <ref local="rememberMeAuthenticationProvider" />
          </list>
        </property>
      </bean>

      <bean id="initialDirContextFactory"
        class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
        <constructor-arg value="${ldap.server}/${ldap.base}" />
        <property name="managerDn">
          <value>${ldap.username}</value>
        </property>
        <property name="managerPassword">
          <value>${ldap.password}</value>
        </property>
      </bean>

      <bean id="ldapAuthenticationProvider"
        class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
        <constructor-arg>
          <bean
            class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
            <constructor-arg>
              <ref local="initialDirContextFactory" />
            </constructor-arg>
            <property name="userDnPatterns">
              <list>
                <value>uid={0},ou=users</value>
              </list>
            </property>
          </bean>
        </constructor-arg>
        <constructor-arg>
          <bean
            class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
            <constructor-arg>
              <ref local="initialDirContextFactory" />
            </constructor-arg>
            <constructor-arg>
              <value>ou=groups</value>
            </constructor-arg>
            <property name="groupRoleAttribute">
              <value>cn</value>
            </property>
          </bean>
        </constructor-arg>
      </bean>
    What I am missing is the passwordEncoder for ldapAuthenticationProvider, but I don't know where to put it.

    Thanks for your help

  • #2
    If you are using bind authentication, you don't need a password encoder. How the password is stored in the LDAP directory is irrelevant from an authenticating client's perspective. Any encoding of the password when you are setting it should be done by the directory itself, not by your app. Otherwise bind operations won't work at all as the directory won't know that the password is encoded.

    Also, you shouldn't really be using Acegi as it has known vulnerabilities and is no longer maintained.

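    The point made in #2 can be checked with a small model of how an RFC 2307 style directory handles userPassword. This is an added example, not code from the thread or from Acegi: the directory hashes whatever plaintext it receives and adds the {SHA} prefix and base64 layer itself, so an application that hashes first (the hypothetical app_prehashed() below) ends up with a double-hashed value that no plaintext bind can match. The salted {SSHA} variant is included as a generalization beyond the {SHA} scheme the question mentions.

```python
import base64
import hashlib
import os
from typing import Optional

# Constructed example, not code from the forum thread. It models how an
# RFC 2307 directory (OpenLDAP-style) handles userPassword: the directory
# hashes whatever plaintext it receives and adds the {scheme} prefix and the
# base64 layer itself. The hypothetical app_prehashed() stands in for an
# application that "SHA-encrypts" before writing to the directory.

def directory_store(plaintext: str, scheme: str = "SHA",
                    salt: Optional[bytes] = None) -> str:
    """Directory side of a password set: hash the submitted value."""
    if scheme == "SHA":
        digest = hashlib.sha1(plaintext.encode("utf-8")).digest()
        return "{SHA}" + base64.b64encode(digest).decode("ascii")
    if scheme == "SSHA":  # salted variant: base64(sha1(pw + salt) + salt)
        salt = os.urandom(4) if salt is None else salt
        digest = hashlib.sha1(plaintext.encode("utf-8") + salt).digest()
        return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")
    raise ValueError("unsupported scheme")

def directory_bind(stored: str, candidate: str) -> bool:
    """Directory side of a bind: treat `candidate` as plaintext, re-hash, compare."""
    if stored.startswith("{SHA}"):
        return stored == directory_store(candidate, "SHA")
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
        return hashlib.sha1(candidate.encode("utf-8") + salt).digest() == digest
    return stored == candidate                    # cleartext storage

def app_prehashed(plaintext: str) -> str:
    """Hypothetical app-side 'SHA encryption' applied before the LDAP write."""
    return hashlib.sha1(plaintext.encode("utf-8")).hexdigest()

def compare_flows(password: str) -> dict:
    """Correct flow (plaintext to directory) vs. broken flow (pre-hashed)."""
    correct = directory_store(password)
    broken = directory_store(app_prehashed(password))  # directory hashes the hash
    return {
        "plaintext_set_plaintext_bind": directory_bind(correct, password),
        "prehashed_set_plaintext_bind": directory_bind(broken, password),
        # only the app's own hash value would bind, which the user never types
        "prehashed_set_hash_bind": directory_bind(broken, app_prehashed(password)),
    }

if __name__ == "__main__":
    print(compare_flows("correct horse"))
```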


    • #3
      Thanks a lot.
