I'm using an open ldap database for LDAPUserManagement. The userPassword store in the ldap database is SHA.
I've *replaced* the Unix.crypt() method that's currently in jetspeed-1.4/1.5 services/security/ldap/LDAPUserManagement with the following:
-------
public String encryptPassword( String password )
    throws JetspeedSecurityException
{
    ......
    // passwordsAlgorithm = SHA
    MessageDigest md = MessageDigest.getInstance(passwordsAlgorithm);
    byte[] digest = md.digest(password.getBytes("UTF-8"));
    ByteArrayOutputStream bas = new ByteArrayOutputStream(digest.length + digest.length / 3 + 1);
    OutputStream encodedStream = MimeUtility.encode(bas, "base64");
    encodedStream.write(digest);
    return bas.toString();
}
--------
passwordsMatch() calls encryptPassword() and is returned an encrypted string from the user suppliedPassword (gathered during the login process).
user.getPassword() is retrieved from the ldap database and substringed to remove the passwordsSuffix {SHA}.
However, when suppliedPassword is encrypted during encryptPassword() the return value is *truncated*. The result is that user.getPassword.equal(encrypted) returns false, failing the login process.
Here's the DEBUG:
ERROR LDAPUserManagement - DEBUG: passwordsMatch(): userPassword [from ldap]: mr6iBOhZVdzyIoZkBjTMpT1qyf8= encrypted [from encryptPassword]: mr6iBOhZVdzyIoZkBjTMpT1q suppliedPassword :jetspeed
Any clues to my problem?
Thanx in advance,
johnmac
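
Added example, not part of the original post and not Jetspeed code: a streaming base64 encoder holds a trailing partial 3-byte group until the stream is closed, which fits the 24-character value in the DEBUG line (a 20-byte SHA-1 digest is six full groups plus two leftover bytes). It uses `java.util.Base64` (Java 8+) as a stand-in for `MimeUtility.encode`; the class and method names are hypothetical, and the comparison is done on decoded bytes with `MessageDigest.isEqual`.

```java
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class ShaPasswordCheck {
    // Streaming encode. SHA-1 yields 20 bytes = 6 full 3-byte groups + 2 left over;
    // the encoder keeps the leftover bytes buffered until the stream is closed.
    static String streamEncode(byte[] digest, boolean close) throws Exception {
        ByteArrayOutputStream bas = new ByteArrayOutputStream();
        OutputStream enc = Base64.getEncoder().wrap(bas);
        enc.write(digest);
        if (close) {
            enc.close(); // emits the final padded group
        }
        return bas.toString("US-ASCII");
    }

    // Compare decoded digests in constant time instead of String.equals().
    static boolean passwordsMatch(String supplied, String ldapValue) throws Exception {
        String b64 = ldapValue.startsWith("{SHA}") ? ldapValue.substring(5) : ldapValue;
        byte[] stored = Base64.getDecoder().decode(b64);
        byte[] computed = MessageDigest.getInstance("SHA-1")
                .digest(supplied.getBytes(StandardCharsets.UTF_8));
        return MessageDigest.isEqual(stored, computed);
    }

    public static void main(String[] args) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest("jetspeed".getBytes(StandardCharsets.UTF_8));
        String open = streamEncode(digest, false);
        String closed = streamEncode(digest, true);
        System.out.println("not closed: " + open + " (" + open.length() + " chars)");
        System.out.println("closed:     " + closed + " (" + closed.length() + " chars)");
        // Stored value and password are taken from the DEBUG line in the post.
        System.out.println("match: "
                + passwordsMatch("jetspeed", "{SHA}mr6iBOhZVdzyIoZkBjTMpT1qyf8="));
    }
}
```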
