Login possible using password hash
----------------------------------
Key: DIRSERVER-1540
URL: https://issues.apache.org/jira/browse/DIRSERVER-1540
Project: Directory ApacheDS
Issue Type: Bug
Components: ldap
Affects Versions: 2.0.0-RC1
Reporter: Andreas Oberritter
Fix For: 2.0.0-RC1
from IRC:
file: core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
method: public LdapPrincipal authenticate( BindOperationContext bindContext )
you can see a code block starting with:
    // Short circuit for PLAIN TEXT passwords : we compare the byte array directly
    // Are the passwords equal ?
    if ( Arrays.equals( credentials, storedPassword ) )
I think you should move this block to the algorithm == null case some lines below
the test case would be:
1) store a password with any hashed algorithm.
2) base64 decode it.
3) use the result to bind to the ldap server
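The check order described in this report, next to the reordering it suggests, as an added Java example that is not ApacheDS code. It assumes the stored value has the form {SHA}base64(SHA-1 digest); the class and method names are hypothetical, and only the {SHA} scheme is modelled.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class BindCheckDemo {
    // Returns the scheme of a "{SCHEME}value" entry, or null for a plain-text entry.
    static String scheme(byte[] stored) {
        String s = new String(stored, StandardCharsets.UTF_8);
        int end = s.indexOf('}');
        return (s.startsWith("{") && end > 1) ? s.substring(1, end) : null;
    }

    // Builds "{SHA}base64(sha1(password))" (assumed storage format for this demo).
    static byte[] hashEntry(byte[] password) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(password);
        String entry = "{SHA}" + Base64.getEncoder().encodeToString(digest);
        return entry.getBytes(StandardCharsets.UTF_8);
    }

    // Order described in the report: raw byte comparison runs before the
    // algorithm is looked at, so it also applies to hashed entries.
    static boolean vulnerableCheck(byte[] credentials, byte[] stored) throws Exception {
        if (Arrays.equals(credentials, stored)) {
            return true;
        }
        return scheme(stored) != null && MessageDigest.isEqual(hashEntry(credentials), stored);
    }

    // Order suggested in the report: raw comparison only when no algorithm is present.
    static boolean fixedCheck(byte[] credentials, byte[] stored) throws Exception {
        if (scheme(stored) == null) {
            return MessageDigest.isEqual(credentials, stored);
        }
        return MessageDigest.isEqual(hashEntry(credentials), stored);
    }

    public static void main(String[] args) throws Exception {
        byte[] password = "secret".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] stored = hashEntry(password);
        // Each check is run with the real password, then with the stored value itself.
        System.out.println("vulnerable, real password: " + vulnerableCheck(password, stored));
        System.out.println("vulnerable, stored value:  " + vulnerableCheck(stored, stored));
        System.out.println("fixed, real password:      " + fixedCheck(password, stored));
        System.out.println("fixed, stored value:       " + fixedCheck(stored, stored));
    }
}
```

A regression test for the fix is the last call: a bind that presents the stored value of a hashed entry must be rejected, while the real password is still accepted.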