Re: Passwords don't appear to hash ???

[Rob Tanner <rtanner@linfield.edu>]

--On Thursday, September 30, 2004 05:50:31 PM -0700 "Kurt D. Zeilenga" 
<Kurt@OpenLDAP.org> wrote:

> The standard track approach would be to extend the client
> to update the password via the LDAP Password Modify Extended
> Operation.  How to implement LDAP extended operations
> using JNDI is a topic for a forum about JNDI.

The JNDI documentation (javadocs) is unhelpful here and a google search 
just gets you 100's of instances of the same unhelpful javadocs.  So I 
gave up that approach and e;ected to take a non-standards track 
approach.  The following java code does the trick most perfectly:

   MessageDigest md = MessageDigest.getInstance("SHA");
   md.update(data.getBytes("UTF8"));

   byte hash[] = md.digest(); //hash of new password

   String userPwd = com.Ostermiller.util.Base64.encodeToString(hash);

   Attribute oc = new BasicAttribute("userPassword");
   oc.add("{SHA}" + userPassword);

   ModificationItem mods[] = new ModificationItem[1];
   mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, oc);

   ctx.modifyAttributes(DN, mods);




--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR