
Setting a SSHA Password in LDAP from Spring

I am having problems working out how to save a password in an Apache DS LDAP in an SSHA hash instead of plain text. As far as I can tell, the correct way to go about it should be configuring Apache DS to use SSHA to store passwords and then, when setting the password, send only the plain text. However, I can't work out how to configure Apache DS to do this.

I have pushed the hashed password into the LDAP (using an admin interface to the LDAP) and Apache DS correctly authenticates against the correct password. However, I need to insert the password from our Java application. This can't be an unusual request so I must be missing something.

Here is my code for setting the password from Java using the LdapTemplate interface from org.springframework.ldap.core:

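import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import org.springframework.ldap.core.DistinguishedName;

// ldapTemplate is an org.springframework.ldap.core.LdapTemplate field of the enclosing class
public void storeNewPassword(final String userId, final String password) {

    // Entry DN: the user's uid under dc=users,dc=pms,dc=com
    final DistinguishedName dn = new DistinguishedName("dc=users,dc=pms,dc=com");
    dn.add("uid", userId);

    // The value is sent exactly as given, so the directory receives the plain text
    Attribute pass = new BasicAttribute("userpassword", password);

    final ModificationItem mi = new ModificationItem(
        DirContext.REPLACE_ATTRIBUTE,
        pass);
    ldapTemplate.modifyAttributes(dn, new ModificationItem[] {mi});

}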

The above code correctly sets the password, but when I look at the Apache DS server I see that the password has been saved in plain text.

Please can someone verify whether this is the correct approach for setting passwords, and suggest how I can configure Apache DS to apply SSHA to passwords it receives.

Thanks

You as the client are responsible for hashing and encoding the password. The server just stores it like any other attribute.

If you want to hash the password using MD5, you can use code like this:

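import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;

public class PasswordUtil {
  // Returns the value to store in userPassword: "{MD5}" + Base64(MD5(password))
  public String hashAndEncodePassword(String password) {
    // StandardCharsets avoids the checked UnsupportedEncodingException of getBytes("UTF-8")
    final byte[] md5 = DigestUtils.md5(password.trim().getBytes(StandardCharsets.UTF_8));
    final byte[] base64 = Base64.encodeBase64(md5);
    final String hashedAndEncoded = new String(base64, StandardCharsets.US_ASCII);
    return "{MD5}" + hashedAndEncoded;
  }
}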

If you want to use a different hash algorithm, you must change the use of DigestUtils.md5 to the proper method.

If you want to use a salted algorithm like {SSHA}, you must adapt the code, too.
