[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Passwords don't appear to hash ???

--On Thursday, September 30, 2004 05:50:31 PM -0700 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:

The standard track approach would be to extend the client to update the password via the LDAP Password Modify Extended Operation. How to implement LDAP extended operations using JNDI is a topic for a forum about JNDI.

The JNDI documentation (javadocs) is unhelpful here and a google search just gets you 100's of instances of the same unhelpful javadocs. So I gave up that approach and e;ected to take a non-standards track approach. The following java code does the trick most perfectly:

   MessageDigest md = MessageDigest.getInstance("SHA");

   byte hash[] = md.digest(); //hash of new password

   String userPwd = com.Ostermiller.util.Base64.encodeToString(hash);

   Attribute oc = new BasicAttribute("userPassword");
   oc.add("{SHA}" + userPassword);

   ModificationItem mods[] = new ModificationItem[1];
   mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, oc);

   ctx.modifyAttributes(DN, mods);

-- Rob Tanner UNIX Services Manager Linfield College, McMinnville OR