Hi,

your question is not clear.

1) When you say 'how can I use Crypt or MD5', you don't tell us in which context. Typically, as you add some API code, it may be that you want to store MD5 or Crypt hashed password in a LDAP server, but you don't tell us which LDAP server you are referring to.

2) Assuming it's not ApacheDS, you probably want to use slappasswd to inject new users. It allows you to specify the Hash function to use for your password.

3) If you want to do that programmatically, using Apache LDAP API, you can use the PasswordUtil.createStoragePassword() with one of the algorithms listed in org.apache.directory.api.ldap.model.constants.LdapSecurityConstants. For instance:

> connection.add(new DefaultEntry(
>                      "uid=" + name + ",ou=people,dc=join,dc=com",
>                      "objectClass: account",
>                      "objectClass: posixAccount",
>                      "objectClass: shadowAccount",
>                      "objectClass: top",
>                      "cn", name,
>                      "gidNumber", gidNumber,
>                      "homeDirectory", home,
>                      "uidNumber", uidNumber,
>                      "userPassword", PasswordUtil.createStoragePassword( upassword, LdapSecurityConstants.HASH_METHOD_CRYPT )
>              ));

4) Now, if you are using ApacheDS, you can also let the server itself do the work. There is an optional interceptor that can be added that will hash the provided password (either on an Add or on a Modify operation) with the configured hash algorithm. Here is a test class that demonstrates the feature:


    LdapConnection connection = IntegrationUtils.getAdminConnection( getService() );

    List<Interceptor> interceptors = classDirectoryService.getInterceptors();

    Class<?> clazz = CryptPasswordHashingInterceptor.class;
    Interceptor hashMech = null;
    hashMech = ( Interceptor ) clazz.newInstance();
    hashMech.init( classDirectoryService );
    interceptors.add( hashMech );

    classDirectoryService.setInterceptors( interceptors );

Here we just programmatically added the crypt algorithm interceptor that will hash any added or modified password using the bcrypt algorithm. Note that you can do the same with a modified configuration, you just have to add the proper interceptor at the right place:

dn: ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectclass: top
objectclass: ads-base
objectclass: ads-interceptor
objectclass: ads-hashInterceptor
ads-enabled: TRUE
ads-interceptororder: 9
ads-interceptorclassname: org.apache.directory.server.core.hash.CryptPasswordHashingInterceptor
ads-interceptorid: passwordHashingInterceptor
ads-hashAttribute: 2.5.4.35

Here, the position is 9, and if you have to add this config, be sure that the other interceptors are changed to reflect the addition of this one (i.e. the next interceptors' ads-interceptororder will have to be incremented after the insertion). Like, if you had:

dn: ads-interceptorId=keyDerivationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectclass: top
objectclass: ads-base
objectclass: ads-interceptor
ads-enabled: FALSE
ads-interceptororder: 8
ads-interceptorclassname: org.apache.directory.server.core.kerberos.KeyDerivationInterceptor
ads-interceptorid: keyDerivationInterceptor

dn: ads-interceptorId=schemaInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectclass: top
objectclass: ads-base
objectclass: ads-interceptor
ads-interceptororder: 9
ads-interceptorclassname: org.apache.directory.server.core.schema.SchemaInterceptor
ads-interceptorid: schemaInterceptor
ads-enabled: TRUE

then adding the CryptPasswordHashingInterceptor configuration will result in such a change:

dn: ads-interceptorId=keyDerivationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectclass: top
objectclass: ads-base
objectclass: ads-interceptor
ads-enabled: FALSE
ads-interceptororder: 8
ads-interceptorclassname: org.apache.directory.server.core.kerberos.KeyDerivationInterceptor
ads-interceptorid: keyDerivationInterceptor

dn: ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectclass: top
objectclass: ads-base
objectclass: ads-interceptor
objectclass: ads-hashInterceptor
ads-enabled: TRUE
ads-interceptororder: 9
ads-interceptorclassname: org.apache.directory.server.core.hash.CryptPasswordHashingInterceptor
ads-interceptorid: passwordHashingInterceptor
ads-hashAttribute: 2.5.4.35

dn: ads-interceptorId=schemaInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectclass: top
objectclass: ads-base
objectclass: ads-interceptor
ads-interceptororder: 10    <----------------- It was 9, it's now 10.
ads-interceptorclassname: org.apache.directory.server.core.schema.SchemaInterceptor
ads-interceptorid: schemaInterceptor
ads-enabled: TRUE


and so on.



I know that OpenLDAP has the same mechanism, but you'll have to check OpenLDAP doco for that.


I hope I answered your question...


On 15/09/2021 09:33, igyu wrote:
<dependency>
             <groupId>org.apache.directory.api</groupId>
             <artifactId>api-all</artifactId>
             <version>2.0.1</version>
         </dependency>


         <dependency>
             <groupId>org.apache.directory.server</groupId>
             <artifactId>apacheds-core-api</artifactId>
             <version>2.0.0.AM26</version>
         </dependency>

connection.add(new DefaultEntry(
                     "uid=" + name + ",ou=people,dc=join,dc=com",
                     "objectClass: account",
                     "objectClass: posixAccount",
                     "objectClass: shadowAccount",
                     "objectClass: top",
                     "cn", name,
                     "gidNumber", gidNumber,
                     "homeDirectory", home,
                     "uidNumber", uidNumber,
                     "userPassword", upassword
             ));

If I use this, userPassword is plaintext

How can I use CRYPT or md5



igyu


--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/
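
The renumbering described in point 4 of the reply above, as an added example that is not part of the original message or of ApacheDS: a Python script that inserts an interceptor entry into the LDIF configuration and shifts the ads-interceptororder of the entries that follow, plus a check for order values used twice. The function names and the exampleLaterInterceptor entry are made up for illustration; the sample entries are constructed and trimmed to the attributes the script reads.

```python
import re

ORDER = re.compile(r"^(ads-interceptororder):[ \t]*(\d+)[ \t]*$", re.I | re.M)
ID = re.compile(r"^dn:[ \t]*ads-interceptorId=([^,]+),", re.I | re.M)
BASE = "ou=interceptors,ads-directoryServiceId=default,ou=config"

def entries(ldif):
    """Split LDIF text into entry blocks (entries are separated by blank lines)."""
    return [b.strip() for b in re.split(r"\n\s*\n", ldif.strip()) if b.strip()]

def order_of(entry):
    m = ORDER.search(entry)
    if m is None:
        raise ValueError("no ads-interceptororder in: " + entry.splitlines()[0])
    return int(m.group(2))

def summary(ldif):
    """Return [(interceptor id, order)] in file order."""
    return [(ID.search(e).group(1), order_of(e)) for e in entries(ldif)]

def duplicate_orders(ldif):
    """Order values claimed by more than one interceptor."""
    values = [n for _, n in summary(ldif)]
    return sorted({n for n in values if values.count(n) > 1})

def insert_interceptor(ldif, new_entry):
    """Add new_entry at its own order; if the slot is taken, shift it and later ones by 1."""
    pos = order_of(new_entry)
    current = entries(ldif)
    taken = any(order_of(e) == pos for e in current)
    out = [new_entry.strip()]
    for e in current:
        n = order_of(e)
        if taken and n >= pos:
            e = ORDER.sub(lambda m: f"{m.group(1)}: {n + 1}", e)
        out.append(e)
    return "\n\n".join(sorted(out, key=order_of)) + "\n"

def sample(name, order):
    # Constructed entry, trimmed to the attributes this script reads.
    return f"dn: ads-interceptorId={name},{BASE}\nads-interceptorid: {name}\nads-interceptororder: {order}"

# Constructed input: the two interceptors from the message plus a made-up later one.
CONFIG = "\n\n".join([sample("keyDerivationInterceptor", 8),
                      sample("schemaInterceptor", 9),
                      sample("exampleLaterInterceptor", 10)])
NEW = sample("passwordHashingInterceptor", 9)

if __name__ == "__main__":
    print(insert_interceptor(CONFIG, NEW))
```

Running duplicate_orders() on a configuration after a manual edit flags the case where the new entry was pasted in without incrementing the ones after it.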
