LDAP authentication through JSP and some basic LDAP question...

I can't seem to find a topic related to LDAP so I'm posting here since I am planning to use jsp to interact with the ldap server. My LDAP server consists of a bunch of entries of users and passwords... so for each entry it's like:

dn: uid=neo,o=usa
uid: neo
userPassword: biao

Problem #1: I added an entry like this into my database. When I did a search to output this entry, i got something like:

# neo, rcms2
dn: uid=neo,o=rcms2
objectClass: uidObject
objectClass: simpleSecurityObject
objectClass: organization
uid: neo
o: rcms2
userPassword:: Ymlhbw==

Notice how the password has become encryped? How am I supposed to extract the real password through the search query without having it be encryped?

Also, how would jsp interact with my ldap server with the databse setup like the above example? Any hints or web sites or code would be nice. I tried googling but they were pretty rough and tough for me to comprehend =(. I'm pretty new at this, let alone java.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

> How am I supposed to extract the real password through the search query without having it be encryped?

I don't think you are...  That looks like an MD5 encrypted password, which is unrecoverable...

It's a security feature, to stop you getting a list of usernames an passwords...

You could set the password to a new one, but I don't think you can recover the old one back again....this is the same with most systems...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
try this url, some sample code available :

yeah i tried setting hte passwored to a new one, and it got encryped to a different string!

the reason i'd like to know how to extract a password is because, how would i be able to authenticate a user through jsp if i can't compare a user's login (id/password) input to the entry in a databaW028since it's all encrypted)?
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

to clarify i tried modifying the encrypted password doing something like

...modify command...
dn: uid=neo,o=rcms2
userPassword: swordfish

and the swordfish is encrypted yet again when i enter a query. i'm starting to guess now that maybe there's a java-based driver that can do all this dirty work for me?
Read up on JNDI.  I think you can get something there about connecting to LDAP
I've got the same problem.
Ymlhbw== is not MD5 encryption. It's just wrong conversion from array of bytes to string.
The thing is that for "userPassword" jndi returns you array of bytes, don't use array.toString(), use new String(array) and you will get your password in cleartext...
Looks like a multi to me:

jinduy asks the question, then lapchern seems to take over...


Hello Tim, long time no see :)

So you mean multi-accounts or split the points?
Hiya!  Hope you're keeping well!! :)  

Yeah...too busy at work :-(  I'm having a 10 minute skiive ;-)  hee hee

I meant Multiple accounts...  

jinduy == lapchern ?

You are probably right. I think I will ask a moderator to take a look at that :)
I will yes. I will go through all the questions again today to do a final cleanup :)
roman_gagarskiy might have hit the nail on the head...

maybe ;)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.