• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 904
  • Last Modified:

LDAP authentication through JSP and some basic LDAP question...

I can't seem to find a topic related to LDAP so I'm posting here since I am planning to use jsp to interact with the ldap server. My LDAP server consists of a bunch of entries of users and passwords... so for each entry it's like:

dn: uid=neo,o=usa
uid: neo
userPassword: biao
o=usa

Problem #1: I added an entry like this into my database. When I did a search to output this entry, i got something like:

# neo, rcms2
dn: uid=neo,o=rcms2
objectClass: uidObject
objectClass: simpleSecurityObject
objectClass: organization
uid: neo
o: rcms2
userPassword:: Ymlhbw==

Notice how the password has become encryped? How am I supposed to extract the real password through the search query without having it be encryped?

Also, how would jsp interact with my ldap server with the databse setup like the above example? Any hints or web sites or code would be nice. I tried googling but they were pretty rough and tough for me to comprehend =(. I'm pretty new at this, let alone java.
0
jinduy
Asked:
jinduy
  • 5
  • 3
  • 2
  • +3
2 Solutions
 
TimYatesCommented:
> How am I supposed to extract the real password through the search query without having it be encryped?

I don't think you are...  That looks like an MD5 encrypted password, which is unrecoverable...

It's a security feature, to stop you getting a list of usernames an passwords...

You could set the password to a new one, but I don't think you can recover the old one back again....this is the same with most systems...

0
 
kokchoon78Commented:
try this url, some sample code available :

http://www.octetstring.com/products/jdbcldapdriver/
0
 
lapchernCommented:
yeah i tried setting hte passwored to a new one, and it got encryped to a different string!

the reason i'd like to know how to extract a password is because, how would i be able to authenticate a user through jsp if i can't compare a user's login (id/password) input to the entry in a databaW028since it's all encrypted)?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
lapchernCommented:
to clarify i tried modifying the encrypted password doing something like

...modify command...
dn: uid=neo,o=rcms2
userPassword: swordfish

and the swordfish is encrypted yet again when i enter a query. i'm starting to guess now that maybe there's a java-based driver that can do all this dirty work for me?
0
 
anthony_castillonCommented:
Read up on JNDI.  I think you can get something there about connecting to LDAP
0
 
roman_gagarskiyCommented:
I've got the same problem.
Ymlhbw== is not MD5 encryption. It's just wrong conversion from array of bytes to string.
The thing is that for "userPassword" jndi returns you array of bytes, don't use array.toString(), use new String(array) and you will get your password in cleartext...
0
 
TimYatesCommented:
Looks like a multi to me:

jinduy asks the question, then lapchern seems to take over...

*sigh*

:)
0
 
girionisCommented:
Hello Tim, long time no see :)

So you mean multi-accounts or split the points?
0
 
TimYatesCommented:
Hiya!  Hope you're keeping well!! :)  

Yeah...too busy at work :-(  I'm having a 10 minute skiive ;-)  hee hee

I meant Multiple accounts...  

jinduy == lapchern ?

:-/
0
 
girionisCommented:
You are probably right. I think I will ask a moderator to take a look at that :)
0
 
TimYatesCommented:
:-)
0
 
girionisCommented:
I will yes. I will go through all the questions again today to do a final cleanup :)
0
 
TimYatesCommented:
roman_gagarskiy might have hit the nail on the head...

maybe ;)
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 5
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now