I would think that the answer is that all of those LDAP clients are
using a consistent hashing algorithm.  Your ldapsearch command is
probably invoking a client executable that is applying the hashing
algorithm.

I'm not using the latest J2, so I'm not sure if the default components
use a hashing algorithm or not.  When I started development on my LDAP
SPI components, I believe it was using MD5 (but am not sure).  Perhaps
now they are storing them in clear text.

In any event you should find out what hashing algorithm your Domino
clients are using to encode the passwords and then implement a
Credential Handler that uses the same algorithm.

On 7/28/06, Vitaly Baranovsky <[EMAIL PROTECTED]> wrote:
Ok, but why can I bind to Domino Directory using WebSphere Portal, the
ldapsearch command line tool or Softerra LDAP Browser with my password
wpsdevtest without any additional programming?

For example, this command line shows me info about the wpsdevtest entry in
Domino LDAP:
> ldapsearch -h ldapsrv.office.mycompany.net -D cn=wpsdevtest,ou=MyCompany,o=LIGA -w wpsdevtest cn=wpsdevtest.
So, as you can see, there is no need to encrypt my password when using
the ldapsearch command.

Maybe jetspeed-2 has to be upgraded to use Domino LDAP Directory?


2006/7/28, Aaron Evans <[EMAIL PROTECTED]>:
>
> It is likely that your existing users in domino have passwords
> hashed/encoded differently than the algorithm employed by the J2
> components.  If you had created the passwords using jetspeed, then you
> would be ok, but I bet they existed already.
>
> In the security-spi-atn LDAP assembly file, you can swap the
> configured implementation of
> org.apache.jetspeed.security.spi.CredentialPasswordEncoder with your
> own custom one so that you can encode/hash passwords in the format you
> need.
>
> HTH,
> aaron
>
> On 7/27/06, Vitaly Baranovsky <[EMAIL PROTECTED]> wrote:
> > Good day!
> >
> > I've configured jetspeed-2 to use Domino ldap directory for authentication.
> > When I try to log in, jetspeed tells me "invalid password". But when I
> > configure jetspeed-2 to use Apache Directory Server for authentication,
> > jetspeed-2 logs in with no problem.
> >
> > My security-spi-ldap.xml for domino authentication:
> > <beans>
> >   <!-- ************** Ldap Configuration ************** -->
> >   <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"
> >       class="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig">
> >       <!-- The LDAP initial context factory. -->
> >       <constructor-arg index="0"><value>com.sun.jndi.ldap.LdapCtxFactory</value></constructor-arg>
> >       <!-- The LDAP server name. -->
> >       <constructor-arg index="1"><value>ldapsrv.office.mycompany.net</value></constructor-arg>
> >       <!-- The LDAP server port. -->
> >       <constructor-arg index="2"><value>389</value></constructor-arg>
> >       <!-- The LDAP server default dn suffix. -->
> >       <constructor-arg index="3"><value></value></constructor-arg>
> >       <!-- The LDAP server root context. -->
> >       <constructor-arg index="4"><value>O=MyCompany</value></constructor-arg>
> >       <!-- The LDAP server root dn. -->
> >       <constructor-arg index="5"><value>CN=wpsdev,OU=MyCompanyUsers,O=MyCompany</value></constructor-arg>
> >       <!-- The LDAP server root password. -->
> >       <constructor-arg index="6"><value>wpsdev</value></constructor-arg>
> >       <!-- The users org unit. -->
> >       <constructor-arg index="7"><value>MyCompanyUsers</value></constructor-arg>
> >       <!-- The groups org unit. -->
> >       <constructor-arg index="8"><value>groups</value></constructor-arg>
> >       <!-- The roles org unit. -->
> >       <constructor-arg index="9"><value>roles</value></constructor-arg>
> >    </bean>
> > </beans>
> >
> > I have entry CN=wpsdevtest,OU=MyCompanyUsers,O=MyCompany with password
> > wpsdevtest at Domino Directory, and I can run ldapsearch correctly using
> > this entry as bind dn. This user has jetspeed-2-user object-class.
> >
> > When I try to enter login wpsdevtest and password wpsdevtest in the
> > jetspeed-2 login portlet, it tells me: "invalid password". But when I
> > enter a login that doesn't exist in Domino directory, jetspeed-2 tells me:
> > "invalid user". So, it looks like the ldap binding was ok.
> >
> > When I do the same things using Apache Directory server, jetspeed-2 logs in
> > correctly.
> >
> > So, how can I do Domino ldap authentication using jetspeed-2? Please, help
> > me!
> >
> > Thanks!
> >
> > P.S.: Sorry for my bad English.
> >
> > P.P.S.: I have found next message at
> > http://issues.apache.org/jira/browse/JS2-491?page=comments:
> > > The major problem that users will be facing today is that encrypted
> > > passwords are not supported in the jetspeed2.0 release. Given that this
> > > functionality has been committed to the codebase, how do you feel
> > > towards providing a downloadable JAR file to users that would act as a
> > > replacement for their current jetspeed-security-2.0.jar - doesn't have
> > > to be anything official, could be included as a link in the
> > > documentation)
> > > The user would have to
> > >          * replace his jetspeed-security-2.0.jar
> > >          * restart tomcat
> > > The user would have support for encrypted passwords and group/role
> > > membership via LDAP.
> >
> > So, is my problem that jetspeed-2 cannot support encrypted passwords? So,
> > does anyone have jetspeed-security-2.x.jar? Give it to me please, if so.
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
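
Added example (not part of the thread, and not Jetspeed or Domino code): a sketch of the mismatch discussed above, where a client that re-encodes the password with one fixed algorithm and compares strings fails against an entry stored under a different or salted scheme, while a scheme-aware check of the same password succeeds. The class name, the "{SCHEME}base64" storage format and the sample entry are assumptions made for illustration; the thread does not say which scheme Domino uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical class (not Jetspeed or Domino code). Assumes the directory stores
// userPassword as "{SCHEME}base64(digest [+ salt])"; no prefix means clear text.
public class LdapPasswordCheck {
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    static byte[] digest(String alg, byte[] password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance(alg);
        md.update(password);
        md.update(salt); // empty array for unsalted schemes
        return md.digest();
    }

    // What a fixed, unsalted encoder yields: one string per password, every time.
    static String encodeUnsalted(String scheme, String alg, String password) throws Exception {
        return "{" + scheme + "}" + Base64.getEncoder().encodeToString(digest(alg, utf8(password), new byte[0]));
    }

    // Scheme-aware check: read the algorithm and salt out of the stored value.
    static boolean verify(String password, String stored) throws Exception {
        int end = stored.indexOf('}');
        if (!stored.startsWith("{") || end < 0)
            return MessageDigest.isEqual(utf8(stored), utf8(password));
        String scheme = stored.substring(1, end).toUpperCase();
        String alg;
        if (scheme.equals("SHA") || scheme.equals("SSHA")) alg = "SHA-1";
        else if (scheme.equals("MD5") || scheme.equals("SMD5")) alg = "MD5";
        else throw new IllegalArgumentException("unsupported scheme: " + scheme);
        byte[] raw = Base64.getDecoder().decode(stored.substring(end + 1));
        int len = MessageDigest.getInstance(alg).getDigestLength();
        if (raw.length < len) return false;
        byte[] salt = Arrays.copyOfRange(raw, len, raw.length); // bytes after the digest
        return MessageDigest.isEqual(Arrays.copyOf(raw, len), digest(alg, utf8(password), salt));
    }

    public static void main(String[] args) throws Exception {
        String pw = "wpsdevtest";       // test password quoted in the thread
        byte[] salt = {7, 21, 42, 99};  // constructed salt
        byte[] d = digest("SHA-1", utf8(pw), salt);
        byte[] both = Arrays.copyOf(d, d.length + salt.length);
        System.arraycopy(salt, 0, both, d.length, salt.length);
        String stored = "{SSHA}" + Base64.getEncoder().encodeToString(both); // constructed entry
        System.out.println("encoder output equals stored value: " + stored.equals(encodeUnsalted("SHA", "SHA-1", pw)));
        System.out.println("scheme-aware verify: " + verify(pw, stored));
    }
}
```

With a salted entry the string comparison cannot match even for the correct password, because the salt is only available from the stored value; a simple bind avoids the problem by letting the directory server perform the verification itself.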


