
RE: using userPassword attribute



Thanks buddy.
    Yes, you are right, I should have asked the question "What attribute type should I use to store encrypted data?" And yes, this question is still not answered! Would anybody like to answer this question?
 
 
Thanks,
Mahesh
 
-----Original Message-----
From: Oberwetter, josh [mailto:joberwetter@grownetwork.com]
Sent: Monday, April 01, 2002 8:59 PM
To: 'Mahesh Patil'
Cc: 'openldap-software@OpenLDAP.org'
Subject: RE: using userPassword attribute

No, they're not "junk". They're base64 encoded, as Adam said. See the different constructors for the String class.
The LDAP browser makes the value legible by changing the encoding, e.g.

byte[] junk = (byte[]) value;      /* get the bytes here; value is the raw attribute value */
String legible = new String(junk); /* decodes the bytes with the platform default charset */

I've looked at the source for the Java browser -- the piece that displays the userPassword attribute is hidden behind an interface, and the various implementations can do things to the bytes like changing character encodings and decrypting.

Generally the LDAP client is responsible for encrypting and decrypting data. You can do so in any number of ways. If you're coding in Java, I suggest that you learn a few things about the Java crypto API.

But these questions aren't necessarily relevant to the OpenLDAP mailing list. On this list you might ask things like "what attributetype should I use to store the encrypted value?"

-----Original Message-----
From: Mahesh Patil [mailto:Mahesh.Patil@Netdecisions.com]
Sent: Monday, April 01, 2002 8:04 AM
To: Mahesh Patil
Cc: 'openldap-software@OpenLDAP.org'
Subject: RE: using userPassword attribute


Though it's showing junk characters, I can perform a compare operation on
the password attribute, which solves my problem.


Thanks for your concern.

        Do you have any idea on "storing encrypted credit card numbers in
LDAP and retrieving them"?


Thanks,
Mahesh

-----Original Message-----
From: Adam Williams [mailto:awilliam@whitemice.org]
Sent: Monday, April 01, 2002 6:00 PM
To: Mahesh Patil
Cc: 'openldap-software@OpenLDAP.org'
Subject: RE: using userPassword attribute


>I'm using Java. When I try to retrieve all user attributes and print them, it
>shows junk characters though it's storing them properly. I'm using one Java
>based LDAP browser to view my tree. This tool also shows the password as
>BINARY(38b) but when I double click on this attribute it shows the proper
>value.
>But when I'm retrieving this password through my Java program it doesn't
>show me the proper password! Any idea?

The password string is base64 encoded in the DSA, which may make it look
like junk.  (I know nothing about Java.)  Is there a way you can decode
the string as though it is base64 encoded and see if it appears correct
then?
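
Added example, not part of the original thread or any poster's code: a sketch of the client-side encryption the thread points to via the Java crypto API, producing the byte[] a client would store as a binary attribute value and reading it back. The class name, the choice of AES-GCM, the use of the entry DN as associated data, and all sample values are assumptions made for this illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class ClientSideFieldCrypto {   // hypothetical class name
    private static final int IV_LEN = 12;    // bytes, the usual nonce size for GCM
    private static final int TAG_BITS = 128; // authentication tag length

    // Returns IV || ciphertext+tag: the bytes the client would store in the directory.
    static byte[] encrypt(SecretKey key, String plaintext, byte[] aad) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);    // fresh nonce per value; never reuse with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(aad);                    // assumption: bind the value to its entry DN
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    // Throws AEADBadTagException if the stored bytes or the associated data were altered.
    static String decrypt(SecretKey key, byte[] stored, byte[] aad) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, stored, 0, IV_LEN));
        c.updateAAD(aad);
        byte[] pt = c.doFinal(stored, IV_LEN, stored.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();    // demo only: a real key is kept outside the directory
        byte[] dn = "uid=demo,dc=example,dc=com".getBytes(StandardCharsets.UTF_8); // constructed DN
        byte[] stored = encrypt(key, "4111111111111111", dn);                      // constructed test number
        // Ciphertext is binary, not text: new String(stored) prints "junk", so show it as base64.
        System.out.println("stored (base64): " + Base64.getEncoder().encodeToString(stored));
        System.out.println("decrypted: " + decrypt(key, stored, dn));
    }
}
```

The directory only ever holds the opaque bytes; key storage and access control on the attribute remain separate decisions that this sketch does not cover.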