directory-dev mailing list archives

From "Theisen, Lucas" <lthei...@mitre.org>
Subject PasswordHashingInterceptor
Date Thu, 23 Jul 2015 19:31:13 GMT
I have a need to hash more than just the userPassword attribute (I store the answers to security
questions as well), and figured other people may need the same feature.  I would add it to
the source branch, but my solution was to hard code the list of hashed OIDs in classes similar
to those in the interceptors-hash module.  In order to make it generic enough to add to the project,
I would need a better way to feed in the list of OIDs (rather than compile).  I know that
binary attributes are set on the client via org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector,
but since this would be server side, that approach would not work.  All server config seems
to be LDIF oriented, but this would require a custom attribute for this new option, perhaps
something like:

ads-interceptorconfig: any-config-string-here

Or an even more generic:

ads-customconfig: any-config-string-here

That would be allowed in any config (not just interceptors).  I could do it without the additional
attribute using system properties, but that seems wonky...

Anyway, my questions are:
Is anybody else interested in this feature?
Do we have a common approach to adding new configuration attributes?
Is this a valid case for new attributes?
Any other suggestions?
And if I do this, should we change the base class from PasswordHashingInterceptor to HashingInterceptor?
If we change the base class name, any idea what other classes/config/anything would be impacted?

Thank You,
Lucas Theisen
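
The feature described in the message above, sketched as an added example (not code from the original message or from ApacheDS): a config-driven list of attributes is parsed and every listed attribute is hashed on write, while values that already carry a scheme prefix are left alone. The comma-separated value format, the securityAnswer attribute, the alias table and the choice of {SSHA256} are all assumptions made for illustration.

```python
import base64, hashlib, hmac, os, re

# Constructed config value for the proposed ads-interceptorconfig attribute.
# The comma-separated format and the securityAnswer attribute are assumptions.
CONFIG_LINE = "ads-interceptorconfig: 2.5.4.35, securityAnswer"

# Hypothetical alias table; a real server would resolve names via its schema.
ALIASES = {"userpassword": "2.5.4.35"}

SCHEME_PREFIX = re.compile(rb"^\{[A-Za-z0-9-]+\}")


def parse_hashed_attributes(line):
    """Return the normalized set of attribute ids named in the config line."""
    name, _, value = line.partition(":")
    if name.strip().lower() != "ads-interceptorconfig":
        raise ValueError("unexpected config attribute: " + name)
    ids = (item.strip().lower() for item in value.split(","))
    return {ALIASES.get(i, i) for i in ids if i}


def ssha256(value, salt=None):
    """Salted SHA-256 in the LDAP {SSHA256} layout: base64(digest + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha256(value + salt).digest()
    return b"{SSHA256}" + base64.b64encode(digest + salt)


def verify(stored, candidate):
    """Check a candidate value against a stored {SSHA256} value."""
    raw = base64.b64decode(stored[len(b"{SSHA256}"):])
    digest, salt = raw[:32], raw[32:]
    return hmac.compare_digest(digest, hashlib.sha256(candidate + salt).digest())


def hash_entry(entry, hashed_ids):
    """Return a copy of entry with the configured attributes hashed."""
    out = {}
    for attr, values in entry.items():
        key = ALIASES.get(attr.lower(), attr.lower())
        if key in hashed_ids:
            # Leave values that already carry a {SCHEME} prefix untouched,
            # so a re-submitted hash is not hashed a second time.
            values = [v if SCHEME_PREFIX.match(v) else ssha256(v) for v in values]
        out[attr] = values
    return out
```

The prefix check means a plaintext value that itself begins with a {SCHEME}-style tag would be stored unhashed, so an implementation may want to restrict the match to the schemes it actually supports.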

