[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: How is userPassword stored?
hello!
i readed your question about the password. i have the openldap system
without any authentification protocol.
when i save the password clear the ldap save the password clear too, and if
i try to view (via ldapbrowser for example) i can see on clear form.
for my system i "encrypt" (like you say) with crypt and therefore i cant
"decrypt" anyway. the best solution is try to make BIND because the system
solves the problem. Other way is read the password for the system, read your
password on clear way, encrypt your password and compare. but for this last
case you must encrypt with the same
seed.
agustin.
----- Original Message -----
From: <gcasper@s-und-n.de>
To: <openldap-software@OpenLDAP.org>
Sent: Wednesday, October 30, 2002 1:33 PM
Subject: How is userPassword stored?
> Hi,
>
> I'm building a small web application that manages user accounts in
OpenLDAP
> and also provides authentication via java servlets and JNDI. When
> authenticating I don't bind into LDAP with the supplied values but simply
> read and compare the passwords. When storing userPassword I supply it as
> cleartext but there seems to be a default hash applied to it (which I
> believe is SSHA since the value changes on every reread).
>
> But then I noticed that LDAP Browser:
> http://www.softerra.com/products/ldapbrowser.php
> displays the passwords as cleartext, so there has to be a simpler
> algorithm.
>
> What is the correct way to "decrypt" the userPassword?
> Digging through the archives I found a mention of disabling hashing of
> userPassword, but I don't know how to do it.
> I would rather encrypt within the servlet anyway since we have
requirements
> to encrypt all data.
>
> I'm running OpenLDAP 2.0.25 on suse linux 7.3 kernel 2.4.10.
>
> Any hint is much appreciated!
>
> Thanks
> Guido
>
>
>