[lsc-users] Fwd: DB to LDAP: How to hash a cleartext password?

Fri, 11 Jul 2014 10:47:14 -0700 

Thank you for the clarification!

I was able to get it working with the information that you provided.  My 
dataset ended up looking like this:

<dataset>
          <name>userPassword</name>
          <policy>KEEP</policy>
            <forceValues>
                <string>"{SHA}" + SecurityUtils.hash(SecurityUtils.HASH_SHA1, 
srcBean.getDatasetFirstValueById("userPassword"))</string>
            </forceValues>
 </dataset>

I’m not sure if that’s the best way to do it, but it seems to work okay.
Thanks again!
                
> Thank you for your response Clément!
> 
> (Sorry if this is duplicate.  Just trying to keep the message in the mailing 
> list.)
> 
> I’ve looked at those two pages for a long time before sending the message to 
> the list.  And because I’m so new to this, I don’t understand how to do it.
> I’ll try to make my questions very specific so I don’t waste your time.
> 
> 1.  Where should these lines be placed?  Do they go in lsc.xml?  Are they 
> part of a task? A dataset?  Since the examples don’t show these lines in 
> context, I don’t know where to put them.
> 
> 
> 
> Yes, inside a dataset.
>  
> 2.  If I use the Hash rule as shown in the example:
> 
> SecurityUtils.hash(SecurityUtils.HASH_SHA1, "phrase to hash”)
> 
> How do I tell it to do this operation on the existing plain text value that 
> is in the database source?  I understand how this line works with a single 
> unchanging “phrase to hash”, but not with an existing source value from a 
> database record.  I’m guessing it will be a srcBean of some configuration?
> 
> 
> Replace the "phrase to hash" by srcBean.getDatasetFirstValueById("password"), 
> with "password" beeing the DB field name.
> 
> 
> 
> 3.  In the example box for Symmetric Encryption there are two lines:
> 
> SecurityUtils.encrypt("something secret")
> SecurityUtils.decrypt(srcBean.getDatasetFirstValueById("encryptedAttribute"))
> 
> Are these two different examples, or must they be used together?
> 
> 
> These are different examples.
> 
> 
>  
> 4.  When pulling a source plaintext value from a database, what types of 
> values would replace:
> “something secret”  and  “encryptedAttribute”  ?
> 
> 
> 
> To put the password inside an LDAP server, use SHA or MD5 methods,, with 
> {SHA} or {MD5} at the beginning of the string.
> 
> 
> Clément.


_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

Reply via email to