如何通过Java更新LDAP时指定哈希算法?
有没有办法指定使用Java API更新Open LDAP目录时用于存储密码的哈希算法(MD5,SHA1等),代码如下:
private void resetPassword(String principal, String newPassword) throws NamingException { InitialDirContext ctxAdmin = null; Hashtable ctxData = new Hashtable(); ctxData.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); ctxData.put(Context.PROVIDER_URL, "ldap://myserver:389"); ctxData.put(Context.SECURITY_AUTHENTICATION, "simple"); ctxData.put(Context.SECURITY_PRINCIPAL, "admin_dn"); ctxData.put(Context.SECURITY_CREDENTIALS, "admin_passwd"); InitialDirContext ctxAdmin = new InitialDirContext(ctxData); if (newPassword == null || newPassword.equals("")) { String msg = "Password can't be null"; throw new NamingException(msg); } else { if (principal == null || principal.equals("")) { String msg = "Principal can't be null"; throw new NamingException(msg); } else { if (ctxAdmin == null) { String errCtx = "Can't get LDAP context"; throw new NamingException(errCtx); } } } BasicAttribute attr = new BasicAttribute("userpassword", newPassword); ModificationItem modItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr); ModificationItem[] items = new ModificationItem[1]; items[0] = modItem; ctxAdmin.modifyAttributes("cn=" + principal + ",ou=Users,dc=com", items); } 沿着这些方向的东西应该这样做:(MD5)显示
context.setAttributeValue("userPassword", digestMd5("newPassword)); private String digestMd5(final String password) { String base64; try { MessageDigest digest = MessageDigest.getInstance("MD5"); digest.update(password.getBytes()); base64 = new BASE64Encoder().encode(digest.digest()); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } return "{MD5}" + base64; }
-Jim
我想你必须使用SHA1( http://java.sun.com/javase/6/docs/technotes/guides/security/ )来哈希密码,用哈希创建一个LDAPAttribute,并在连接上调用modify 。