简体繁体 English

Java，带有MySQL的LDAP以及对用户进行身份验证

[英]Java, LDAP with MySQL, and authenticating users

原文 2010-01-20 04:19:21 0 1 java/ ldap/ lotus-domino/ sasl

There's a few moving pieces to this one, so I'll go through things fairly slowly. 这个有一些动人之处，所以我会慢慢进行。

I have a java web app that has registered a few thousand users, and stored them in a MySQL DB. 我有一个注册了数千用户的Java Web应用程序，并将它们存储在MySQL数据库中。 The passwords for each user has been hashed using SHA1, plus a bit of extra trickery including a randomly generated salt. 使用SHA1对每个用户的密码进行了哈希处理，外加一些额外的技巧，包括随机生成的盐。
I also have an LDAP server setup (OpenLDAP). 我也有一个LDAP服务器设置（OpenLDAP）。 I've managed to configure it to use the same MySQL DB as above as a datasource. 我已经设法将其配置为使用与上述相同的MySQL DB作为数据源。
There is a Lotus Domino server. 有一个Lotus Domino服务器。 When users register via the java web app they are also added to the domino server. 当用户通过Java Web应用程序注册时，他们还将添加到Domino服务器中。

When the users try to log into the Domino server is where we have the problems. 当用户尝试登录Domino服务器时，就会遇到问题。 Currently we're using LDAP authentication (on the LDAP server above). 当前，我们正在使用LDAP身份验证（在上面的LDAP服务器上）。 It works if passwords are stored in clear-text, or a straight SHA1 hashing, but the LDAP server can't authenticate those users who have their passwords encrypted by the java web app above (it uses SHA1, plus "extras"). 如果密码以明文形式或直接的SHA1散列存储，则可以使用该密码，但是LDAP服务器无法对通过上述Java Web应用程序加密了密码的用户进行身份验证（它使用SHA1和“ extras”）。

So I'm really not sure how to approach things. 所以我真的不确定如何处理问题。 Someone suggest using LDAP with SASL authentication - but I'm not even sure that would work.... I would have to replicate the same encryption algorithm that is in use in the java web app somehow. 有人建议将LDAP与SASL身份验证结合使用-但我什至不确定那是否行得通...。我必须以某种方式复制Java Web应用程序中使用的相同加密算法。

Any ideas? 有任何想法吗？