directory-users mailing list archives

From suresh ramamurthy <>
Subject Re: Can we send SHA of password as the credential for LDAP authentication..
Date Mon, 18 Feb 2013 19:39:28 GMT
Hi Kiran,

Thank you very much for your response....


 From: Kiran Ayyagari <>
To:; suresh ramamurthy <> 
Sent: Friday, February 15, 2013 10:30 PM
Subject: Re: Can we send SHA of password as the credential for LDAP authentication..

On Sat, Feb 16, 2013 at 7:51 AM, suresh ramamurthy <> wrote:

>We have a requirement to not send clear text as the credential for LDAP bind operation.
>So, we store SHA of the password in the Apache DS LDAP server and we would like to send the SHA of the password from client as
>the user credential for LDAP authentication. For example, we can set the password as {SHA}blah..blah...
>Is it possible to configure Apache DS to ignore hash conversion of the input password and just compare the password with LDAP DB?
>I googled for a couple of days and I also looked in the Apache DS code and found that during bind operation, input password is hashed
>using the algorithm stored along with the password in LDAP DB and then the result is compared.
>Can anyone please shed light on this and let me know if we can send SHA of the password from client instead of the real password for LDAP authentication.
>Also, is this a valid approach or sending clear password from client is the only approach (assuming SSL is enabled..)

this is not the correct way to perform bind operation with the server, use startTLS with clear text password


Kiran Ayyagari 
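
The comparison described in the question, as an added example that is not part of the original thread and is not ApacheDS code: it shows why a stored {SHA} value sent as the bind credential is rejected, and why a server that skipped the hashing step would turn the stored hash into the password itself. Function names are hypothetical, the password is a constructed sample, and the RFC 2307-style layout base64(digest + salt) is assumed for {SHA} and {SSHA}.

```python
import base64
import hashlib
import hmac
import os

# SHA-1 digest length in bytes for the two schemes handled here.
SCHEMES = {"SHA": 20, "SSHA": 20}


def make_user_password(password: bytes, scheme: str = "SSHA") -> str:
    """Build a stored userPassword value: {SCHEME}base64(digest + salt)."""
    salt = os.urandom(8) if scheme == "SSHA" else b""
    digest = hashlib.sha1(password + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def parse_user_password(stored: str):
    """Split a stored value into (scheme, digest, salt); scheme is None if plain."""
    if stored.startswith("{") and "}" in stored:
        scheme, b64 = stored[1:].split("}", 1)
        if scheme.upper() in SCHEMES:
            raw = base64.b64decode(b64)
            n = SCHEMES[scheme.upper()]
            return scheme.upper(), raw[:n], raw[n:]
    return None, stored.encode(), b""


def simple_bind_check(presented: bytes, stored: str) -> bool:
    """Hash the presented credential with the stored scheme and salt, then compare."""
    scheme, digest, salt = parse_user_password(stored)
    if scheme is None:
        return hmac.compare_digest(presented, digest)
    candidate = hashlib.sha1(presented + salt).digest()
    return hmac.compare_digest(candidate, digest)


def compare_without_hashing(presented: bytes, stored: str) -> bool:
    """Hypothetical server that skips hashing, as the question proposes."""
    return hmac.compare_digest(presented, stored.encode())


if __name__ == "__main__":
    stored = make_user_password(b"constructed-sample-pw", "SHA")
    print(simple_bind_check(b"constructed-sample-pw", stored))  # real password
    print(simple_bind_check(stored.encode(), stored))           # stored hash sent as credential
    print(compare_without_hashing(stored.encode(), stored))     # hash alone now authenticates
```

In the last case anyone who can read the userPassword attribute can bind without knowing the password, which is the protection hashed storage is meant to provide; keeping the bind as clear text inside StartTLS avoids that.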