[Date Prev][Date Next] [Chronological] [Thread] [Top]

How is userPassword stored?



Hi,

I'm building a small web application that manages user accounts in OpenLDAP
and also provides authentication via java servlets and JNDI. When
authenticating I don't bind into LDAP with the supplied values but simply
read and compare the passwords. When storing userPassword I supply it as
cleartext but there seems to be a default hash applied to it (which I
believe is SSHA since the value changes on every reread).

But then I noticed that LDAP Browser:
http://www.softerra.com/products/ldapbrowser.php
displays the passwords as cleartext, so there has to be a simpler
algorithm.

What is the correct way to "decrypt" the userPassword?
Digging through the archives I found a mention of disabling hashing of
userPassword, but I don't know how to do it.
I would rather encrypt within the servlet anyway since we have requirements
to encrypt all data.

I'm running OpenLDAP 2.0.25 on suse linux 7.3  kernel 2.4.10.

Any hint is much appreciated!

Thanks
Guido