directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "lucas theisen (JIRA)" <>
Subject [jira] [Commented] (DIRSERVER-2088) Add the ability to specify additional fields that should be hashed by the hashing interceptors
Date Fri, 07 Aug 2015 18:19:45 GMT


lucas theisen commented on DIRSERVER-2088:

I will need at least 3 new OID's for this:

dn: ads-interceptorId=hashingInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectclass: top
objectclass: ads-base
objectclass: ads-interceptor
objectclass: ads-hashingInterceptor
ads-enabled: TRUE
ads-interceptororder: 9
ads-interceptorid: hashingInterceptor
ads-hashAlgorithm: SSHA-256
ads-hashAttribute: userPassword
ads-hashAttribute: ?

dn: m-oid=?, ou=objectClasses, cn=adsconfig,
objectclass: top
objectclass: metaTop
objectclass: metaObjectClass
m-oid: ?
m-name: ads-hashingInterceptor
m-description: A generic hashing interceptor
m-supobjectclass: ads-base
m-typeobjectclass: ABSTRACT
m-must: ads-hashAlgorithm
m-may: ads-hashAttribute

dn: m-oid=?,ou=attributeTypes,cn=adsconfig,ou=schema
m-ordering: caseExactOrderingMatch
objectclass: metaTop
objectclass: metaAttributeType
objectclass: top
m-singlevalue: TRUE
m-oid: ?
m-description: Hash algorithm
m-substr: caseExactSubstringsMatch
m-name: ads-hashAlgorithm
m-equality: caseExactMatch
m-length: 0

dn: m-oid=?,ou=attributeTypes,cn=adsconfig,ou=schema
objectclass: metaTop
objectclass: metaAttributeType
objectclass: top
m-ordering: ?
m-singlevalue: FALSE
m-oid: ?
m-description: Attribute names that require hashing
m-substr: ?
m-name: ads-hashAttribute
m-equality: ?
m-length: 0

Do we have a file or something where we register new OID values?  Is there a process for allocating

> Add the ability to specify additional fields that should be hashed by the hashing interceptors
> ----------------------------------------------------------------------------------------------
>                 Key: DIRSERVER-2088
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>            Reporter: lucas theisen
> This [discussion|]
went over the topic.  Per the suggestion from [~akiran], this should be done with some new
> {quote}
> what I would do is to add support for configuring one or more attributes in
> this interceptor
> something like, 'ads-hashAttibute' a multi valued attributes
> {quote}
> Per [~elecharny], a new {{objectClass}} should be created:
> {quote}
> The idea is to add some configuration in the HashInterceptor
> configuration. You can create a new ObjectClass for that and add some
> new AttributeType to store the OID to be hashed.
> {quote}
> And given that we will create a new {{objectClass}} with its own configuration attribute
for {{ads-hashAttribute}} it is also reasonable to add {{ads-hashAlgorithm}}.  With this,
_ALL_ of the individual classes could be implemented as one simple {{HashingInterceptor}}.

This message was sent by Atlassian JIRA

View raw message