I have the following JNDI code to generate the password in a new user into Apache DS:
private String digest(String algorithm,String password) throws NoSuchAlgorithmException {
String r = null;
byte [] b = null;
MessageDigest md = MessageDigest.getInstance(algorithm);
BASE64Encoder encoder;
md.update(password.getBytes());
b = md.digest();
encoder = new BASE64Encoder();
System.out.println(encoder.encode(b));
r = encoder.encode(b);
return r;
}
This code adds the new user:
public User create(User t) throws PersistenceException {
NamingEnumeration answer = null;
Attributes matchAttrs = null;
Attribute objectClass = new BasicAttribute("objectClass");
try {
matchAttrs = new BasicAttributes(true); // ignore attribute name case
matchAttrs.put(new BasicAttribute("uid",t.getCommonId()));
answer = getConnection().search(userContext, matchAttrs);
if( ! answer.hasMore() )
{
matchAttrs = new BasicAttributes(true);
objectClass.add("inetOrgPerson");
objectClass.add("organizationalPerson");
objectClass.add("person");
objectClass.add("top");
matchAttrs.put(objectClass);
matchAttrs.put(new BasicAttribute("cn", t.getFirstName()));
matchAttrs.put(new BasicAttribute("sn", t.getLastName()));
matchAttrs.put(new BasicAttribute("givenName", t.getFirstName()));
matchAttrs.put(new BasicAttribute("mail", t.getCommonId()));
matchAttrs.put(new BasicAttribute("userPassword", diggest("MD5",t.getPassword())));
getConnection().createSubcontext("uid="+t.getCommonId()+","+userContext,matchAttrs);
}
else
throw new PersistenceException("This user already exists.");
} catch (NoSuchAlgorithmException ex) {
throw new PersistenceException("LDAP exception creating user - Hash algorithm not found.");
} catch (NamingException ex) {
ex.printStackTrace();
throw new PersistenceException("LDAP exception creating user.");
}
return t;
}
When I call this code it generates a hash MD5 (I passed "MD5" as algorithm) and then it encodes in Base64 and returns the password to be used to the new user for LDAP (apacheds) server.
However the server always create the user and put "SSHA" as the algorithm for the created user. How can I fix that? I tryied a lot of options not succeeded, now I decided to ask. IS there a way to say to LDAP server the password is encoded with a specific hash?
When LDAP stored encrypted password, it stores it in the form:
Try to add explicitly
"{MD5}"
like here: http://andrew-stephanie.ca/ldap-md5-java