directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: Error verifying SHA Password
Date Wed, 10 Apr 2013 15:39:23 GMT
Le 4/10/13 5:12 PM, emanuel braga a écrit :
> Hi,
> I'm developing an application that uses ApacheDS as authentication service. I've installed
ApacheDS, Apache Directory Studio and I've included Apache LDAP API in my Java project.
> I've already implemented the connection and simple bind with password in plain text.
However I want to implement the bind process with encrypted (SHA, for example) password. With
Apache Directory Studio, I've changed password (stored as SHA) with no problems.
> The problem is when I try to process bind with SHA password (plain text password is 'test'):
>     connection.bind( "ou=example, dc=com", "{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=" );

You should *not* submit the hashed password, but the real password. It
makes no sense to send an hashed password to the server.

The way it works is that the server will get your password, take the
user's userPassword content, grab the hash algorithm from it, and hash
the provided password with the same algorithm, then compare it with the
stored hash value.

The reason passwords are hashed o the server is just to forbid anyone
getting access to the server to know what are the passwords. It does not
protect you against a MITM attack.

Emmanuel Lécharny 

View raw message