当使用Java API更新Open LDAP目录时,有没有办法指定用于存储密码的哈希算法(MD5,SHA1等),代码如下:
private void resetPassword(String principal, String newPassword) throws NamingException {
InitialDirContext ctxAdmin = null;
Hashtable<String, String> ctxData = new Hashtable<String, String>();
ctxData.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ctxData.put(Context.PROVIDER_URL, "ldap://myserver:389");
ctxData.put(Context.SECURITY_AUTHENTICATION, "simple");
ctxData.put(Context.SECURITY_PRINCIPAL, "admin_dn");
ctxData.put(Context.SECURITY_CREDENTIALS, "admin_passwd");
InitialDirContext ctxAdmin = new InitialDirContext(ctxData);
if (newPassword == null || newPassword.equals("")) {
String msg = "Password can't be null";
throw new NamingException(msg);
} else {
if (principal == null || principal.equals("")) {
String msg = "Principal can't be null";
throw new NamingException(msg);
} else {
if (ctxAdmin == null) {
String errCtx = "Can't get LDAP context";
throw new NamingException(errCtx);
}
}
}
BasicAttribute attr = new BasicAttribute("userpassword", newPassword);
ModificationItem modItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
ModificationItem[] items = new ModificationItem[1];
items[0] = modItem;
ctxAdmin.modifyAttributes("cn=" + principal + ",ou=Users,dc=com", items);
}
答案 0 :(得分:5)
沿着这些方向应该做的事情:(MD5)显示
context.setAttributeValue("userPassword", digestMd5("newPassword));
private String digestMd5(final String password) {
String base64;
try {
MessageDigest digest = MessageDigest.getInstance("MD5");
digest.update(password.getBytes());
base64 = new BASE64Encoder().encode(digest.digest());
}
catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
return "{MD5}" + base64;
}
-Jim
答案 1 :(得分:1)
我认为你必须使用SHA1(http://java.sun.com/javase/6/docs/technotes/guides/security/)来哈希密码,创建一个LDAPAttribute hash,并在连接上调用modify。