
How to store password in ldap server using java

I need to store a password in an LDAP server using Java code. When storing the password, I have to specify whichever encryption method is available in LDAP.

1) Store password in char[] instead of String. Strings are immutable in Java and there is no way you can erase the content of a String, because any modification of a String results in a new String. Also, Strings are cached in the String pool, which poses a security risk of exposing the password in clear text to anyone who has access to the memory of the Java application. Even an accident like a core dump of the Java application, generating a memory dump in /tmp, can put passwords under real threat. By using char[] you can erase the contents by setting it to blank or any other character, which reduces the security risk of exposing the password. See Why char array is better than String for storing password in Java for more detail.

2) Always use encrypted password in Application. This is one step further from the earlier tip: instead of storing the password or sensitive information in clear text, always store them in encrypted or hashed format. This reduces the risk of exposing the password to any stranger who somehow has access to the application memory while you are performing authentication.

Read more: http://javarevisited.blogspot.com/2012/05/best-practices-while-dealing-with.html#ixzz3KGjhHlps

new BasicAttribute("password", passValue)

I think we don't want to specify it; it automatically encrypts according to the LDAP configuration.

When you are inserting a new entry in LDAP through JNDI, you need to create the entry by giving all of its object hierarchy. For inetOrgPerson, the password is in an attribute called userPassword (an optional attribute of the 'person' object in the core schema).

You have to create a number of attributes (in a BasicAttributes object), according to the schemas (including meta attributes like NAME, SUP, STRUCTURAL, etc.; refer to the URLs for the schema structure), in your case the core and inetOrgPerson schemas:

http://www.zytrax.com/books/ldap/ape/inetorgperson.html
http://www.zytrax.com/books/ldap/ape/core-schema.html#organizationalperson

Once you have the object prepared, use context.rebind.

NOTE: All LDAP implementations are different and you may get some unexpected results. For example, in the above method, you will get additional attributes (non-LDAP operational attributes) in the bound object in Apache DS. The workaround is to use the Apache LDAP API (refer: http://directory.apache.org/api/ ). In MS Active Directory, you may face other issues. JNDI is good for reading entries but not very great for writing/putting in entries.
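An added example (not the answerer's code) of what this looks like end to end in JNDI: hash the password with the widely supported {SSHA} scheme before it leaves the client, build the inetOrgPerson attribute set with its full objectClass chain, and add the entry over LDAPS. The host, admin DN and entry DN are placeholders; if your server offers a stronger scheme such as {SSHA512} or hashes on the server side, prefer that.

```java
import java.nio.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.naming.Context;
import javax.naming.directory.*;

public class LdapUserCreate {
    // {SSHA} userPassword scheme: base64(SHA-1(password || salt) || salt); the server re-hashes with the stored salt on bind.
    static String ssha(char[] password) throws Exception {
        byte[] salt = new byte[8]; new SecureRandom().nextBytes(salt);
        ByteBuffer enc = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] pw = new byte[enc.remaining()]; enc.get(pw);
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(pw); md.update(salt);
        byte[] digest = md.digest();
        Arrays.fill(pw, (byte) 0);                           // wipe the transient byte copy
        byte[] out = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, out, digest.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }
    // Full objectClass chain for an inetOrgPerson entry, as the answer above describes.
    static BasicAttributes inetOrgPerson(String cn, String sn, String uid, String hashedPw) {
        BasicAttributes attrs = new BasicAttributes(true);   // attribute names compare case-insensitively
        BasicAttribute oc = new BasicAttribute("objectClass");
        for (String c : new String[] {"top", "person", "organizationalPerson", "inetOrgPerson"}) oc.add(c);
        attrs.put(oc);
        attrs.put("cn", cn); attrs.put("sn", sn); attrs.put("uid", uid);
        attrs.put("userPassword", hashedPw);                 // the hash, never the clear-text value
        return attrs;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-sample-pw".toCharArray();   // constructed sample; use Console.readPassword() in practice
        String hashed = ssha(pw);
        Arrays.fill(pw, '\0');                               // clear the char[] as soon as it has been hashed
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.test:636");      // placeholder host; TLS so nothing crosses the wire in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=example,dc=test");  // placeholder admin DN
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("LDAP_ADMIN_PW")); // must be set (Hashtable rejects null); never hard-code it
        DirContext ctx = new InitialDirContext(env);
        try {   // createSubcontext adds a new entry; rebind(dn, null, attrs) replaces an existing one
            ctx.createSubcontext("uid=jdoe,ou=people,dc=example,dc=test", inetOrgPerson("John Doe", "Doe", "jdoe", hashed));
        } finally {
            ctx.close();
        }
    }
}
```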
