
Re: openLDAP storing passwords in plain text



--On Tuesday, April 09, 2013 8:56 AM -0500 Dan White <dwhite@olp.net> wrote:

On 04/09/13 09:07 -0400, Derryl Varghese wrote:
I am setting up openLDAP for one of my Java applications. Usernames and
passwords are stored in openLDAP and users are able to update their
passwords via the application (using the javax.naming.directory API). I
imported our users from our existing Sun Directory Server into openLDAP.
Import was successful and passwords were encrypted in SSHA format. I
noticed that when I update a password from the application, it stores it
in 'Plain Text' format. I can unhide the password when I view it via
Apache Directory Studio. A lot of googling later, I tried setting the
"password-hash {SSHA}" in the slapd.conf file and that didn't help me
either. I am on a Windows environment. I am passing the password to
openLDAP in plain text format. There is no encryption going on in the
code. I know I can encrypt it in the application but I would prefer
openLDAP to do it for me. Please let me know if I can do anything on the
openLDAP side.

This is the Java code I use today to modify passwords. This has been
working fine in our existing environment for the past 7 years.

ModificationItem[] newAttribs = new ModificationItem[1];
Attribute passwordAttrib =
    new BasicAttribute(DirectoryConstants.USER_PASSWORD, password);
ModificationItem passwordItem =
    new ModificationItem(DirContext.REPLACE_ATTRIBUTE, passwordAttrib);
newAttribs[0] = passwordItem;

.....
DirContext ctx = this.getContext();
ctx.modifyAttributes(DirectoryConstants.USER_UID + "=" + userId + "," + ou,
    newAttribs);

If your application supports the password extended operation, slapd will
hash passwords on the fly according to your password-hash configuration.

I would also *strongly* advise using the unboundID SDK if you are going to be using Java to talk to LDAP.

--Quanah



--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
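
The password extended operation mentioned in the reply above (LDAP Password Modify, RFC 3062), sent through JNDI, as an added example that is not part of the original thread. Unlike a REPLACE on userPassword, this request hands slapd the cleartext so it can apply its password-hash setting. The class name PasswordModifyRequest and the helper changePassword are hypothetical, and the caller is assumed to supply an LdapContext already bound over TLS.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import javax.naming.NamingException;
import javax.naming.ldap.ExtendedRequest;
import javax.naming.ldap.ExtendedResponse;
import javax.naming.ldap.LdapContext;

/** RFC 3062 Password Modify request for JNDI (added example; class name is hypothetical). */
public class PasswordModifyRequest implements ExtendedRequest {
    public static final String OID = "1.3.6.1.4.1.4203.1.11.1";
    private final byte[] value;

    public PasswordModifyRequest(String userDn, String newPassword) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        tlv(body, 0x80, userDn.getBytes(StandardCharsets.UTF_8));      // [0] userIdentity
        tlv(body, 0x82, newPassword.getBytes(StandardCharsets.UTF_8)); // [2] newPasswd
        ByteArrayOutputStream seq = new ByteArrayOutputStream();
        tlv(seq, 0x30, body.toByteArray());                            // SEQUENCE wrapper
        value = seq.toByteArray();
    }

    // Writes one BER tag-length-value; long-form lengths cover content up to 65535 bytes.
    private static void tlv(ByteArrayOutputStream out, int tag, byte[] content) {
        out.write(tag);
        int len = content.length;
        if (len < 0x80) {
            out.write(len);
        } else if (len < 0x100) {
            out.write(0x81); out.write(len);
        } else {
            out.write(0x82); out.write(len >> 8); out.write(len & 0xFF);
        }
        out.write(content, 0, len);
    }

    @Override public String getID() { return OID; }
    @Override public byte[] getEncodedValue() { return value.clone(); }

    // No response value is parsed: the client supplies the new password itself.
    @Override
    public ExtendedResponse createExtendedResponse(String id, byte[] ber, int off, int len) {
        return null;
    }

    /** Sends the request; a non-success LDAP result surfaces as a NamingException. */
    public static void changePassword(LdapContext ctx, String userDn, String newPassword)
            throws NamingException {
        ctx.extendedOperation(new PasswordModifyRequest(userDn, newPassword));
    }
}
```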