tags:

views:

195

answers:

2

Is there a way to specify the hash algorithm (MD5, SHA1, etc.) to use for storing the passwords when you update an Open LDAP directory using Java APIs with code like this:

private void resetPassword(String principal, String newPassword) throws NamingException {
InitialDirContext ctxAdmin = null;
    Hashtable<String, String> ctxData = new Hashtable<String, String>();
    ctxData.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    ctxData.put(Context.PROVIDER_URL, "ldap://myserver:389");
    ctxData.put(Context.SECURITY_AUTHENTICATION, "simple");
    ctxData.put(Context.SECURITY_PRINCIPAL, "admin_dn");
    ctxData.put(Context.SECURITY_CREDENTIALS, "admin_passwd");
    InitialDirContext ctxAdmin = new InitialDirContext(ctxData);
    if (newPassword == null || newPassword.equals("")) {
        String msg = "Password can't be null";
        throw new NamingException(msg);
    } else {
        if (principal == null || principal.equals("")) {
            String msg = "Principal can't be null";
            throw new NamingException(msg);
        } else {
        if (ctxAdmin == null) {
            String errCtx = "Can't get LDAP context";
            throw new NamingException(errCtx);
            }
        }
    }   
    BasicAttribute attr = new BasicAttribute("userpassword", newPassword);
    ModificationItem modItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
    ModificationItem[] items = new ModificationItem[1];
    items[0] = modItem;
    ctxAdmin.modifyAttributes("cn=" + principal + ",ou=Users,dc=com", items);
}
A: 

I think you will have to hash your password with using SHA1 (http://java.sun.com/javase/6/docs/technotes/guides/security/), create a LDAPAttribute with the hash, and call modify on the connection.

ring bearer
+2  A: 

Something along these lines should do it: (MD5) Shown

context.setAttributeValue("userPassword", digestMd5("newPassword));

private String digestMd5(final String password) {
  String base64;
  try {
     MessageDigest digest = MessageDigest.getInstance("MD5");
     digest.update(password.getBytes());
     base64 = new BASE64Encoder().encode(digest.digest());
  }
  catch (NoSuchAlgorithmException e) {
     throw new RuntimeException(e);
  }
  return "{MD5}" + base64;
}

-jim

jeemster