--On Tuesday, April 09, 2013 8:56 AM -0500 Dan White <dwhite(a)olp.net> wrote:
On 04/09/13 09:07 -0400, Derryl Varghese wrote:
> I am setting up OpenLDAP for one of my Java applications. Usernames and
> passwords are stored in OpenLDAP and users are able to update their
> passwords via the application (using the javax.naming.directory API). I
> imported our users from our existing Sun Directory Server into OpenLDAP.
> Import was successful and passwords were encrypted in SSHA format. I
> noticed that when I update a password from the application, it stores it
> in 'Plain Text' format. I can unhide the password when I view it via
> Apache Directory Studio. A lot of googling later, I tried setting the
> "password-hash {SSHA}" in the slapd.conf file and that didn't help me
> either. I am on a Windows environment. I am passing the password to
> OpenLDAP in plain text format. There is no encryption going on in the
> code. I know I can encrypt it in the application but I would prefer
> OpenLDAP to do it for me. Please let me know if I can do anything on the
> OpenLDAP side.
>
> This is the Java code I use today to modify passwords. This has been
> working fine in our existing environment for the past 7 years.
>
> ModificationItem[] newAttribs = new ModificationItem[1];
> Attribute passwordAttrib =
>     new BasicAttribute(DirectoryConstants.USER_PASSWORD, password);
> ModificationItem passwordItem =
>     new ModificationItem(DirContext.REPLACE_ATTRIBUTE, passwordAttrib);
> newAttribs[0] = passwordItem;
>
> .....
> DirContext ctx = this.getContext();
> ctx.modifyAttributes(
>     DirectoryConstants.USER_UID + "=" + userId + "," + ou, newAttribs);
If your application supports the password extended operation, slapd will
hash passwords on the fly according to your password-hash configuration.
I would also *strongly* advise using the UnboundID SDK if you are going to
be using Java to talk to LDAP.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
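
The password modify extended operation mentioned in the reply, as an added example that is not code from the thread or from the OpenLDAP project: a JNDI ExtendedRequest that BER-encodes the RFC 3062 request, so that slapd rather than the application hashes the new value according to password-hash. The class name PasswordModifyRequest and the choice to omit the old password (an administrative reset) are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import javax.naming.NamingException;
import javax.naming.ldap.ExtendedRequest;
import javax.naming.ldap.ExtendedResponse;
// RFC 3062 Password Modify extended request for JNDI (added example).
// PasswordModifyRequest is a hypothetical class name, not a JNDI class.
public class PasswordModifyRequest implements ExtendedRequest {
    private static final String OID = "1.3.6.1.4.1.4203.1.11.1";
    private final byte[] value;

    public PasswordModifyRequest(String userDn, String newPassword) {
        // PasswdModifyRequestValue ::= SEQUENCE {
        //   userIdentity [0] OCTET STRING OPTIONAL,
        //   oldPasswd    [1] OCTET STRING OPTIONAL,  -- omitted (assumption)
        //   newPasswd    [2] OCTET STRING OPTIONAL }
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        writeTlv(body, 0x80, userDn.getBytes(StandardCharsets.UTF_8));
        writeTlv(body, 0x82, newPassword.getBytes(StandardCharsets.UTF_8));
        ByteArrayOutputStream seq = new ByteArrayOutputStream();
        writeTlv(seq, 0x30, body.toByteArray());
        value = seq.toByteArray();
    }

    // BER tag-length-value, definite length in short or long form.
    private static void writeTlv(ByteArrayOutputStream out, int tag, byte[] content) {
        out.write(tag);
        int len = content.length;
        if (len >= 0x80) {
            int n = len <= 0xFF ? 1 : len <= 0xFFFF ? 2 : len <= 0xFFFFFF ? 3 : 4;
            out.write(0x80 | n);               // long form: count of length bytes
            for (int i = n - 1; i > 0; i--) out.write((len >> (8 * i)) & 0xFF);
        }
        out.write(len & 0xFF);                 // short form, or lowest length byte
        out.write(content, 0, content.length);
    }

    @Override public String getID() { return OID; }
    @Override public byte[] getEncodedValue() { return value.clone(); }

    @Override
    public ExtendedResponse createExtendedResponse(String id, byte[] berValue,
            int offset, int length) throws NamingException {
        // No server-generated password was requested; the value is not parsed.
        return new ExtendedResponse() {
            @Override public String getID() { return id; }
            @Override public byte[] getEncodedValue() { return null; }
        };
    }
}
```

Send it with ctx.extendedOperation(new PasswordModifyRequest(userDn, newPassword)) on a javax.naming.ldap.LdapContext; a failure surfaces as a NamingException. The new password travels in clear text inside the request, so the connection should be protected with TLS.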