directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Theisen, Lucas" <>
Subject PasswordHashingInterceptor
Date Thu, 23 Jul 2015 19:31:13 GMT
I have need to hash more than just the userPassword attribute (I store the answers to security
questions as well), and figured other people may need the same feature.  I would add it to
the source branch, but my solution was to hard code the list of hashed OID's in classes similar
those in the interceptors-hash module.  In order to make it generic enough to add to the project,
I would need a better way to feed in the list of OID's (rather than compile).  I know that
binary attributes are set on the client via,
but since this would be server side, that approach would not work.  All server config seems
to be ldif oriented, but this would require a custom attribute for this new option, perhaps
something like:

ads-interceptorconfig: any-config-string-here

Or an even more generic:

ads-customconfig: any-config-string-here

That would be allowed in any config (not just interceptors).  I could do it without the additional
attribute using system properties, but that seems wonky...

Anyway, my questions are:
Is anybody else interested in this feature?
Do we have a common approach to adding new configuration attributes?
Is this a valid case for new attributes?
Any other suggestions?
And if I do this, should we change the base class from PasswordHashingInterceptor to HashingInterceptor?
If we change the base class name, any idea what other classes/config/anything would be impacted?

Thank You,
Lucas Theisen

View raw message