I have the following JNDI code that generates the password for a new user in Apache DS:
```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import sun.misc.BASE64Encoder; // JDK-internal class; replaced by java.util.Base64 on current JDKs

// Hash the password with the named algorithm and return the Base64 of the raw digest
private String digest(String algorithm, String password) throws NoSuchAlgorithmException {
    MessageDigest md = MessageDigest.getInstance(algorithm);
    md.update(password.getBytes());
    byte[] b = md.digest();
    BASE64Encoder encoder = new BASE64Encoder();
    String r = encoder.encode(b);
    System.out.println(r); // debug output of the encoded hash
    return r;
}
```
This code adds the new user:
```java
import java.security.NoSuchAlgorithmException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public User create(User t) throws PersistenceException {
    NamingEnumeration answer = null;
    Attributes matchAttrs = null;
    Attribute objectClass = new BasicAttribute("objectClass");
    try {
        // look for an existing entry with the same uid under userContext
        matchAttrs = new BasicAttributes(true); // ignore attribute name case
        matchAttrs.put(new BasicAttribute("uid", t.getCommonId()));
        answer = getConnection().search(userContext, matchAttrs);
        if (!answer.hasMore()) {
            // build the attribute set of the new entry
            matchAttrs = new BasicAttributes(true);
            objectClass.add("inetOrgPerson");
            objectClass.add("organizationalPerson");
            objectClass.add("person");
            objectClass.add("top");
            matchAttrs.put(objectClass);
            matchAttrs.put(new BasicAttribute("cn", t.getFirstName()));
            matchAttrs.put(new BasicAttribute("sn", t.getLastName()));
            matchAttrs.put(new BasicAttribute("givenName", t.getFirstName()));
            matchAttrs.put(new BasicAttribute("mail", t.getCommonId()));
            // userPassword receives the Base64 of the raw MD5 digest, with no scheme prefix
            matchAttrs.put(new BasicAttribute("userPassword", digest("MD5", t.getPassword())));
            getConnection().createSubcontext("uid=" + t.getCommonId() + "," + userContext, matchAttrs);
        } else {
            throw new PersistenceException("This user already exists.");
        }
    } catch (NoSuchAlgorithmException ex) {
        throw new PersistenceException("LDAP exception creating user - Hash algorithm not found.");
    } catch (NamingException ex) {
        ex.printStackTrace();
        throw new PersistenceException("LDAP exception creating user.");
    }
    return t;
}
```
When I call this code it produces an MD5 hash (I pass "MD5" as the algorithm), encodes it in Base64, and returns it as the password of the new user for the LDAP (apacheds) server.
However, the server always creates the user with "SSHA" as the algorithm of the created user. How can I fix this? I have tried many options without success, and now I have decided to ask. Is there a way to tell the LDAP server that the password is encoded with a specific hash?
Answer 0 (score: 2)
Try this to add the user...
```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapProgram {
    public static void main(String[] args) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:10389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system"); // specify the username
        env.put(Context.SECURITY_CREDENTIALS, "secret"); // specify the password
        // TODO code application logic here
        // entry's DN
        String entryDN = "uid=user1,ou=system";
        // entry's attributes
        Attribute cn = new BasicAttribute("cn", "Test User2");
        Attribute sn = new BasicAttribute("sn", "Test2");
        Attribute mail = new BasicAttribute("mail", "newuser@foo.com");
        Attribute phone = new BasicAttribute("telephoneNumber", "+1 222 3334444");
        Attribute oc = new BasicAttribute("objectClass");
        oc.add("top");
        oc.add("person");
        oc.add("organizationalPerson");
        oc.add("inetOrgPerson");
        DirContext ctx = null;
        try {
            // get a handle to an Initial DirContext
            ctx = new InitialDirContext(env);
            // build the entry
            BasicAttributes entry = new BasicAttributes();
            entry.put(cn);
            entry.put(sn);
            entry.put(mail);
            entry.put(phone);
            entry.put(oc);
            // Add the entry
            ctx.createSubcontext(entryDN, entry);
            // System.out.println( "AddUser: added entry " + entryDN + ".");
        } catch (NamingException e) {
            System.err.println("AddUser: error adding entry." + e);
        } finally {
            // release the connection
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                }
            }
        }
    }
}
```
Answer 1 (score: 0)
When LDAP stores a hashed password, it stores it in the following format:
{MD5}<md5hashInBase64>
Try explicitly adding "{MD5}" here: http://andrew-stephanie.ca/ldap-md5-java
```java
matchAttrs.put(new BasicAttribute("userPassword", "{MD5}" + digest("MD5", t.getPassword())));
```
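The scheme-prefixed `userPassword` form that Answer 1 describes, and the `{SSHA}` value the question saw the server produce, worked through as an added example. This is not code from the question, either answer, or ApacheDS; it assumes Java 8 or later (for `java.util.Base64`) and the OpenLDAP/ApacheDS layout of `{SSHA}`, which is Base64 of the SHA-1 digest of password||salt followed by the salt. It builds both forms from a constructed sample password and verifies a candidate against a stored value by reading the scheme tag and, for `{SSHA}`, recovering the salt from the decoded tail. The class name, method names and the 8-byte salt length are choices made for this example. Unsalted `{MD5}` is included only because it is the scheme the question uses; a new deployment should send the salted form, and a server that re-hashes cleartext values on write will leave a value that already carries a scheme prefix alone, which is the behaviour Answer 1 relies on.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added example (not the page's code): builds and verifies userPassword values in
// "{SCHEME}base64" form. Assumes Java 8+ and the OpenLDAP/ApacheDS SSHA layout
// base64(SHA1(password || salt) || salt).
public final class LdapPasswordScheme {

    private static final SecureRandom RNG = new SecureRandom();
    private static final int SHA1_LEN = 20; // SHA-1 digest length in bytes
    private static final int SALT_LEN = 8;  // salt length chosen for this example

    // {MD5} / {SHA}: scheme tag plus Base64 of the unsalted digest, i.e. the question's
    // digest() output with the tag in front. Kept only because the question uses MD5.
    public static String hashUnsalted(String scheme, String password) throws NoSuchAlgorithmException {
        String jcaName = scheme.equals("SHA") ? "SHA-1" : scheme; // LDAP tag "SHA" means SHA-1 in JCA
        byte[] digest = MessageDigest.getInstance(jcaName)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return "{" + scheme + "}" + Base64.getEncoder().encodeToString(digest);
    }

    // {SSHA} with a caller-supplied salt (used by verify to recompute the stored value)
    public static String hashSsha(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        byte[] digest = md.digest();
        byte[] out = Arrays.copyOf(digest, digest.length + salt.length); // digest, then salt
        System.arraycopy(salt, 0, out, digest.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }

    // {SSHA} with a fresh random salt, the form to send when creating a user
    public static String hashSsha(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_LEN];
        RNG.nextBytes(salt);
        return hashSsha(password, salt);
    }

    // Verify a candidate against a stored value. The scheme tag selects the algorithm;
    // for SSHA the salt is read from the bytes after the 20-byte digest. The final
    // comparison uses MessageDigest.isEqual so its timing does not depend on where the
    // first mismatching byte is.
    public static boolean verify(String stored, String candidate) throws NoSuchAlgorithmException {
        int close = stored.indexOf('}');
        if (!stored.startsWith("{") || close < 0) {
            return false; // no scheme tag: not a hashed value this helper understands
        }
        String scheme = stored.substring(1, close);
        String recomputed;
        switch (scheme) {
            case "SSHA": {
                byte[] raw;
                try {
                    raw = Base64.getDecoder().decode(stored.substring(close + 1));
                } catch (IllegalArgumentException malformed) {
                    return false; // not valid Base64
                }
                if (raw.length <= SHA1_LEN) {
                    return false; // no salt present after the digest
                }
                byte[] salt = Arrays.copyOfRange(raw, SHA1_LEN, raw.length);
                recomputed = hashSsha(candidate, salt);
                break;
            }
            case "MD5":
            case "SHA":
                recomputed = hashUnsalted(scheme, candidate);
                break;
            default:
                return false; // unsupported scheme
        }
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     recomputed.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String pw = "secret"; // constructed sample password
        String md5 = hashUnsalted("MD5", pw); // value Answer 1 puts into userPassword
        String ssha = hashSsha(pw);           // form the server in the question stored instead
        System.out.println(md5);
        System.out.println(ssha);
        System.out.println(verify(md5, pw) + " " + verify(ssha, pw) + " " + verify(ssha, "wrong"));
    }
}
```

In the question's `create()` method the value passed to `new BasicAttribute("userPassword", ...)` would be the string returned by `hashSsha(t.getPassword())` (or `hashUnsalted("MD5", ...)` to keep the question's scheme); the `verify` method is what a bind-side check looks like when the application, rather than the directory, has to compare a password against a stored value.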