如何通过Java更新LDAP时指定哈希算法?

有没有办法指定使用Java API更新Open LDAP目录时用于存储密码的哈希算法(MD5,SHA1等),代码如下:

private void resetPassword(String principal, String newPassword) throws NamingException {
InitialDirContext ctxAdmin = null;
    Hashtable<String, String> ctxData = new Hashtable<String, String>();
    ctxData.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    ctxData.put(Context.PROVIDER_URL, "ldap://myserver:389");
    ctxData.put(Context.SECURITY_AUTHENTICATION, "simple");
    ctxData.put(Context.SECURITY_PRINCIPAL, "admin_dn");
    ctxData.put(Context.SECURITY_CREDENTIALS, "admin_passwd");
    InitialDirContext ctxAdmin = new InitialDirContext(ctxData);
    if (newPassword == null || newPassword.equals("")) {
        String msg = "Password can't be null";
        throw new NamingException(msg);
    } else {
        if (principal == null || principal.equals("")) {
            String msg = "Principal can't be null";
            throw new NamingException(msg);
        } else {
        if (ctxAdmin == null) {
            String errCtx = "Can't get LDAP context";
            throw new NamingException(errCtx);
            }
        }
    }   
    BasicAttribute attr = new BasicAttribute("userpassword", newPassword);
    ModificationItem modItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
    ModificationItem[] items = new ModificationItem[1];
    items[0] = modItem;
    ctxAdmin.modifyAttributes("cn=" + principal + ",ou=Users,dc=com", items);
}

解决方法:

沿着这些方向应该做的事情:(MD5)显示

context.setAttributeValue("userPassword", digestMd5("newPassword));

private String digestMd5(final String password) {
  String base64;
  try {
     MessageDigest digest = MessageDigest.getInstance("MD5");
     digest.update(password.getBytes());
     base64 = new BASE64Encoder().encode(digest.digest());
  }
  catch (NoSuchAlgorithmException e) {
     throw new RuntimeException(e);
  }
  return "{MD5}" + base64;
}

-Jim

上一篇:如何将Spring Security从ldap更改为ldap starttls


下一篇:如何在使用PHP的LDAP身份验证中使用电子邮件代替用户名?