[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Sample java code for User authentication using SSHA hasing

To: Sundaram Ramasamy <sun@percipia.com>
Subject: Re: Sample java code for User authentication using SSHA hasing
From: Craig Dunigan <cdunigan@doit.wisc.edu>
Date: Mon, 6 Oct 2003 10:16:11 -0500 (CDT)
Cc: openldap-software <openldap-software@OpenLDAP.org>
In-reply-to: <018501c38c0d$70f42da0$8c01a8c0@RSUNDARAM>

You don't have to worry about hashing at all.  Any LDAP authentication
routine typically contain *two* binds, not just one.  The first bind
should be as a service account (probably better not to use the directory
Manager account) which does the search for the user's DN.  Something like
this:

String userName = "sundaram";
String passWord = "mysecret";
String base = "ou=People,dc=example,dc=com";
Hashtable srchEnv = new Hashtable(11);
srchEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
srchEnv.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389";);
srchEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
srchEnv.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=example,dc=com");
srchEnv.put(Context.SECURITY_CREDENTIALS, "secret");
String[] returnAttribute = {"dn"};
SearchControls srchControls = new SearchControls();
srchControls.setReturningAttributes(returnAttribute);
srchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String searchFilter = "(cn=" + userName + ")";
try {
    DirContext srchContext = new InitialDirContext(srchEnv);
    NamingEnumeration srchResponse = srchContext..search(base, searchFilter, srchControls);
    // Probably want to test for nulls here
    String distName = srchResponse.nextElement().toString();
} catch (NamingException namEx) {
    namEx.PrintStackTrace();
}
System.out.println("DN : " + distName.toString());

The second bind actually binds as the user with the password given, so you
don't need to compare anything.  The directory simply returns 
authentication success or failure (the latter throws an
AuthenticationException).  Something like this:

Hashtable env = new Hashtable(11);
authEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
authEnv.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389";);
authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
authEnv.put(Context.SECURITY_PRINCIPAL, userName);
authEnv.put(Context.SECURITY_CREDENTIALS, passWord);
try {
    DirContext authContext = new InitialDirContext(authEnv);
} catch (AuthenticationException authEx) {
    System.out.println("Authentication failed!");
} catch (NamingException namEx) {
    System.out.println("Something went wrong!");
    namEx.PrintStackTrace();
} 

No searching or anything else required in the second bind, since binding 
is all you want to do.  

Hope this helps!

Craig

On Mon, 6 Oct 2003, Sundaram Ramasamy wrote:

> Hi all.
> 
> I want to use LDAP authentication for my web application. using SSHA hashing
> password stored in the LDAP database. I want sample java code for this?
> 
> Using following code, I was able get the password, but  don't know creating
> SSHA hashing password and comparing with existing password,
> 
> 
> Can some one help me on this?
> 
> Thanks
> SR
> 
> 
> 
> 
> 
> 
> 
> 
> 
> import javax.naming.*;
> 
> import javax.naming.directory.*;
> 
> import java.util.Hashtable;
> 
>  public class LdapAuth {
> 
> public static void main(String[] args) {
> 
> // Set up environment for creating initial context
> 
> Hashtable env = new Hashtable(11);
> 
> env.put(
> 
> Context.INITIAL_CONTEXT_FACTORY,
> 
> "com.sun.jndi.ldap.LdapCtxFactory");
> 
> env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389";);
> 
> // Authenticate as S. User and password "mysecret"
> 
> env.put(Context.SECURITY_AUTHENTICATION, "simple");
> 
> env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=example,dc=com");
> 
> env.put(Context.SECURITY_CREDENTIALS, "secret");
> 
> /*
> 
> env.put(Context.SECURITY_PRINCIPAL,
> 
> "cn=sundaram,ou=People,dc=example,dc=com");
> 
> env.put(Context.SECURITY_CREDENTIALS, "abc123");
> 
> */
> 
> try {
> 
> // Create initial context
> 
> DirContext ctx = new InitialDirContext(env);
> 
> // Perform the search
> 
> NamingEnumeration n1 =
> 
> ctx.search("ou=People,dc=example,dc=com", "(cn=su*)", null);
> 
> System.out.println("CN : " + n1.toString());
> 
> if (n1 == null) {
> 
> System.out.println("No item in the name list");
> 
> } else {
> 
> while (n1.hasMore()) {
> 
> //Object item = n1.next();
> 
> SearchResult item= (SearchResult) n1.next();
> 
> System.out.println("si :" + item.getName() );
> 
> String temp = item.getAttributes().toString();
> 
> 
> System.out.println("att" +temp);
> 
> int s = temp.indexOf( "=userPassword:");
> 
> int e = temp.indexOf( "scriptpath" );
> 
> System.out.println( s + ":"+ e);
> 
> 
> String pass= temp.substring( s +14, e);
> 
> 
> System.out.println("pass :" + pass);
> 
> System.out.println(
> 
> "Item class is " + item.getClass().getName());
> 
> System.out.println(item);
> 
> }
> 
> }
> 
> // Close the context when we're done
> 
> ctx.close();
> 
> } catch (NamingException e) {
> 
> e.printStackTrace();
> 
> }
> 
> }
> 
> }
>

Follow-Ups:
- Re: Sample java code for User authentication using SSHA hasing
  - From: "Sundaram Ramasamy" <sun@percipia.com>

References:
- Sample java code for User authentication using SSHA hasing
  - From: "Sundaram Ramasamy" <sun@percipia.com>

Prev by Date: Re: OpenLDAP, Kerberos, kpasswd
Next by Date: Re: JDBC-LDAP bridge: [LDAP: error code 32 - No such object]
Index(es):
- Chronological
- Thread