3

我有以下 JNDI 代码来将新用户的密码生成到 Apache DS 中:

 private String digest(String algorithm,String password) throws NoSuchAlgorithmException {
        String r = null;
        byte [] b = null;
        MessageDigest md = MessageDigest.getInstance(algorithm);
        BASE64Encoder encoder;

        md.update(password.getBytes());
        b = md.digest();

        encoder = new BASE64Encoder();

        System.out.println(encoder.encode(b));

        r = encoder.encode(b);

        return r;
    }

此代码添加新用户:

 public User create(User t) throws PersistenceException {
     NamingEnumeration answer = null;
     Attributes matchAttrs = null;
     Attribute objectClass = new BasicAttribute("objectClass");

     try {
         matchAttrs = new BasicAttributes(true); // ignore attribute name case
         matchAttrs.put(new BasicAttribute("uid",t.getCommonId()));

         answer = getConnection().search(userContext, matchAttrs);

         if( ! answer.hasMore() )
         {
             matchAttrs = new BasicAttributes(true);
             objectClass.add("inetOrgPerson");
             objectClass.add("organizationalPerson");
             objectClass.add("person");
             objectClass.add("top");
             matchAttrs.put(objectClass);
             matchAttrs.put(new BasicAttribute("cn", t.getFirstName()));
             matchAttrs.put(new BasicAttribute("sn", t.getLastName()));
             matchAttrs.put(new BasicAttribute("givenName", t.getFirstName()));
             matchAttrs.put(new BasicAttribute("mail", t.getCommonId()));
             matchAttrs.put(new BasicAttribute("userPassword", diggest("MD5",t.getPassword())));                
              getConnection().createSubcontext("uid="+t.getCommonId()+","+userContext,matchAttrs);
         }
         else
             throw new PersistenceException("This user already exists.");

     } catch (NoSuchAlgorithmException ex) {
         throw new PersistenceException("LDAP exception creating user - Hash algorithm not found.");
     } catch (NamingException ex) {
         ex.printStackTrace();
         throw new PersistenceException("LDAP exception creating user.");
     }
     return t;
 }

当我调用此代码时,它会生成一个哈希 MD5(我将“MD5”作为算法传递),然后它在 Base64 中编码并返回要用于 LDAP(apacheds)服务器的新用户的密码。

然而,服务器总是创建用户并将“SSHA”作为创建用户的算法。我该如何解决?我尝试了很多选项都没有成功,现在我决定问一下。有没有办法告诉 LDAP 服务器密码是用特定的哈希编码的?

4

2 回答 2

2

试试这个来添加一个用户...

import java.util.Hashtable;
import java.util.Properties;
import java.util.jar.Attributes;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

    public class LdapProgram {  


            public static void main(String[] args) {  

                 Hashtable env = new Hashtable();
                 env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                 env.put(Context.PROVIDER_URL, "ldap://localhost:10389");
                 env.put(Context.SECURITY_AUTHENTICATION, "simple");
                 env.put(Context.SECURITY_PRINCIPAL,"uid=admin,ou=system"); // specify the username
                 env.put(Context.SECURITY_CREDENTIALS,"secret");// specify the password
                // TODO code application logic here  

                          // entry's DN 
           String entryDN = "uid=user1,ou=system";  

            // entry's attributes  

            Attribute cn = new BasicAttribute("cn", "Test User2");  
            Attribute sn = new BasicAttribute("sn", "Test2");  
            Attribute mail = new BasicAttribute("mail", "newuser@foo.com");  
            Attribute phone = new BasicAttribute("telephoneNumber", "+1 222 3334444");   
                Attribute oc = new BasicAttribute("objectClass");  
            oc.add("top");  
            oc.add("person");  
            oc.add("organizationalPerson");  
            oc.add("inetOrgPerson");  
            DirContext ctx = null;  

            try {  
                // get a handle to an Initial DirContext  
                ctx = new InitialDirContext(env);  

                // build the entry  
                BasicAttributes entry = new BasicAttributes();  
                entry.put(cn);  
                entry.put(sn);  
                entry.put(mail);  
                entry.put(phone);  

                entry.put(oc);  

                // Add the entry  

                ctx.createSubcontext(entryDN, entry);  
      //          System.out.println( "AddUser: added entry " + entryDN + ".");  

            } catch (NamingException e) {  
                System.err.println("AddUser: error adding entry." + e);  
            }  
         }  
    }
于 2012-03-15T12:13:14.493 回答
0

当 LDAP 存储加密密码时,它以以下形式存储:

{MD5}<md5hashInBase64>

尝试"{MD5}"像这里明确添加:http: //andrew-stephanie.ca/ldap-md5-java

matchAttrs.put(new BasicAttribute("userPassword", "{MD5}" + digest("MD5",t.getPassword())));
于 2014-05-13T08:40:58.123 回答