Hi,
I'm trying to inject generated passwords for my users into an LDAP directory.
I want to use SHA-512, so I'm using something like:
"{CRYPT}$6$"+SecurityUtils.hash("SHA-512",p);
In my userPassword dataset (p is the generated password).
Problem is hash() also encodes the password using base64, so the value
is stored in the LDAP as base64, where I expect it to be stored 'as is'
(so does FusionDirectory, the LDAP manager I'm using).
- Do I have to use decrypt(), and how? I'm reading at
http://lsc-project.org/wiki/documentation/2.1/configuration/syncoptions/security
"Using a pre-generated key, you can encrypt or decrypt values using a
two-way encryption algorithm. "
but it doesn't say how to generate this "key".
Also the sentence "LSC expects the encoded password to be retrieved from
LDAP base 64 encoded. So, if storing it using another tools, it must be
base64 encoded before being inserted into LDAP. " contradicts what I see
in my LDAP, where passwords don't seem stored as base64.
PS: I've also read
http://lsc-project.org/wiki/documentation/2.1/configuration/security/encryption
Thanks,
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users
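
Added example (not part of the original post and not LSC code): a structural check, for Node.js, of a userPassword value that claims to be {CRYPT}$6$ (sha512-crypt) before it is written to the directory, plus decoding of an LDIF "userPassword::" line. The function names are hypothetical and all sample values are constructed.

```javascript
// crypt(3) "$6$" layout: $6$[rounds=N$]salt$hash, where hash is 86 characters
// from the crypt alphabet ./0-9A-Za-z (no '+', no '=' padding).
const SHA512_CRYPT =
  /^\$6\$(?:rounds=(\d+)\$)?([^$:\n]{0,16})\$([.\/0-9A-Za-z]{86})$/;

// Hypothetical helper: classify a userPassword value by its shape only.
function classifyUserPassword(value) {
  const m = /^\{([A-Za-z0-9-]+)\}(.*)$/s.exec(value);
  if (!m) return { scheme: null, ok: false, reason: 'no {SCHEME} prefix' };
  const scheme = m[1].toUpperCase();
  const body = m[2];
  if (scheme !== 'CRYPT') return { scheme, ok: false, reason: 'not a {CRYPT} value' };
  if (!body.startsWith('$6$')) return { scheme, ok: false, reason: 'not sha512-crypt' };
  const c = SHA512_CRYPT.exec(body);
  // 5000 is the sha512-crypt default when no rounds= field is present.
  if (c) return { scheme, ok: true, rounds: c[1] ? Number(c[1]) : 5000, salt: c[2] };
  // "$6$" followed by base64 of a raw 64-byte SHA-512 digest: 86 chars + "==".
  const rest = body.slice(3);
  if (/^[A-Za-z0-9+\/]{86}==$/.test(rest) && Buffer.from(rest, 'base64').length === 64) {
    return { scheme, ok: false, reason: 'base64 SHA-512 digest, no salt field' };
  }
  return { scheme, ok: false, reason: 'malformed $6$ string' };
}

// LDIF prints "attr:: <base64>" when the whole value is base64-encoded for
// transport (RFC 2849); "attr: value" is the value as stored.
function valueFromLdifLine(line) {
  const m = /^userPassword(::?)\s*(.*)$/.exec(line);
  if (!m) return null;
  return m[1] === '::' ? Buffer.from(m[2], 'base64').toString('utf8') : m[2];
}

// Constructed samples. DIGEST_HEX is the SHA-512 test vector for "abc".
const DIGEST_HEX =
  'ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a' +
  '2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f';
// Same construction as in the post: prefix + base64 of the plain digest.
const asPosted = '{CRYPT}$6$' + Buffer.from(DIGEST_HEX, 'hex').toString('base64');
// Placeholder hash field: right shape only, not a real crypt output.
const wellFormed = '{CRYPT}$6$rounds=10000$ExampleSalt$' + 'x'.repeat(86);
const ldifLine = 'userPassword:: ' + Buffer.from(wellFormed).toString('base64');

console.log(classifyUserPassword(asPosted));
console.log(classifyUserPassword(valueFromLdifLine(ldifLine)));
```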