// Fragment of AuthenticateServlet.service(); uname and the getLdapPassword/getSHAHashedPassword/getMD5HashedPassword helpers are defined elsewhere in the servlet
String password = req.getParameter("password");
boolean loginSucceed = false;
String hashMethod = "PLAIN";
String hashedPassword = password;
String ldapPassword = getLdapPassword(uname); // Retrieve the stored userPassword value from LDAP for this user
// Pick the hash scheme from the {md5}/{sha} prefix on the stored value
if (ldapPassword.startsWith("{md5}")) {
    hashMethod = "MD5";
} else if (ldapPassword.startsWith("{sha}")) {
    hashMethod = "SHA";
}
// Hash the submitted password the same way so both sides are in the same form
if (hashMethod.equals("SHA")) {
    hashedPassword = getSHAHashedPassword(password);
} else if (hashMethod.equals("MD5")) {
    hashedPassword = getMD5HashedPassword(password);
}
// Debug output only: this writes the stored credential and the computed hash to stdout and should not remain in deployed code
System.out.println("AuthenticateServlet:service:hashedPassword:" + hashedPassword);
System.out.println("AuthenticateServlet:service:ldapPassword:" + ldapPassword);
if (hashedPassword.equals(ldapPassword)) {
    loginSucceed = true;
}
So, with programmatic login, we can solve the problem. I guess hashing is not part of specification. With declarative security management, I guess, current application login implementation must consider MD5/SHA also.
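As an added example, not code from this thread or from Geronimo itself, the class below performs the same check as the servlet fragment above: it reads the scheme tag from the stored userPassword value, hashes the submitted password with the matching algorithm and compares the two. Unlike the fragment it compares decoded digest bytes in constant time, accepts the tag in either case ("{md5}" as the LDIF export shows it, or "{MD5}"), fails closed on a scheme it does not know, and never prints either side. The class and method names (LdapPasswordVerifier, verify, fromLdifBase64) and the sample values in main are mine; it assumes only the JDK (Java 8 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Locale;

// Added example (not from the thread or from Geronimo): verifies a submitted
// password against an LDAP userPassword value stored as plain text, {MD5} or
// {SHA} (the unsalted RFC 2307 style forms the thread discusses).
public final class LdapPasswordVerifier {

    private LdapPasswordVerifier() {
    }

    // Returns true only if candidate matches the stored value.
    public static boolean verify(String candidate, String storedUserPassword) {
        if (candidate == null || storedUserPassword == null) {
            return false;
        }
        String scheme = "PLAIN";
        String storedValue = storedUserPassword;
        int close = storedUserPassword.indexOf('}');
        if (storedUserPassword.startsWith("{") && close > 1) {
            // Scheme tags are case-insensitive: "{md5}" and "{MD5}" mean the same thing.
            scheme = storedUserPassword.substring(1, close).toUpperCase(Locale.ROOT);
            storedValue = storedUserPassword.substring(close + 1);
        }

        byte[] expected;
        byte[] actual;
        switch (scheme) {
            case "PLAIN":
                expected = storedValue.getBytes(StandardCharsets.UTF_8);
                actual = candidate.getBytes(StandardCharsets.UTF_8);
                break;
            case "MD5":
                expected = decodeBase64(storedValue);
                actual = digest("MD5", candidate);
                break;
            case "SHA":
                expected = decodeBase64(storedValue);
                actual = digest("SHA-1", candidate);
                break;
            default:
                // Unknown scheme ({SSHA}, {CRYPT}, ...): fail closed instead of
                // silently falling back to a plain-text comparison.
                return false;
        }
        if (expected == null) {
            return false; // stored value was not valid base64
        }
        // Constant-time comparison; neither side is logged.
        return MessageDigest.isEqual(expected, actual);
    }

    // Decodes a value that an LDIF export wrote with a double colon
    // ("userPassword:: <base64>"); the decoded text is what verify() expects.
    public static String fromLdifBase64(String ldifValue) {
        return new String(Base64.getDecoder().decode(ldifValue), StandardCharsets.UTF_8);
    }

    private static byte[] digest(String algorithm, String input) {
        try {
            return MessageDigest.getInstance(algorithm)
                    .digest(input.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(algorithm + " is not available", e);
        }
    }

    private static byte[] decodeBase64(String value) {
        try {
            return Base64.getDecoder().decode(value);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; not taken from any real directory.
        Base64.Encoder enc = Base64.getEncoder();
        String md5Stored = "{md5}" + enc.encodeToString(digest("MD5", "pass123"));
        String shaStored = "{SHA}" + enc.encodeToString(digest("SHA-1", "pass123"));
        // The same {md5} value as it would appear on an LDIF export line.
        String ldifLine = "userPassword:: "
                + enc.encodeToString(md5Stored.getBytes(StandardCharsets.UTF_8));
        String fromLdif = fromLdifBase64(ldifLine.substring("userPassword:: ".length()));

        System.out.println("plain match:    " + verify("pass123", "pass123"));
        System.out.println("md5 match:      " + verify("pass123", md5Stored));
        System.out.println("sha match:      " + verify("pass123", shaStored));
        System.out.println("ldif decoded:   " + verify("pass123", fromLdif));
        System.out.println("wrong password: " + verify("wrong", md5Stored));
        System.out.println("unknown {SSHA}: " + verify("pass123", "{SSHA}AAAA"));
    }
}
```

Compile with javac and run the class; the first four checks succeed and the last two fail. The fromLdifBase64 step matters when reading the export below: a double colon after the attribute name means the whole value is base64-encoded in the file, so the "{md5}..." text only appears after that outer layer is decoded, and the digest inside it is a second, separate base64 encoding.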
Hi Hernan/Aaron

The following is the export of my LDAP entries. I could export using JXplorer. I also used another LDAP client called LDAP Browser/Editor 2.8.2. In the below LDAP export, there are two users balaji1, balaji2 whose passwords are MD5 hashed, whereas for other users the passwords are stored PLAIN. So, with balaji1/balaji2, I am getting "Userid/password wrong" message in the browser while authenticating. I am trying to find the answers for Aaron's questions. I will update soon.

version: 1

dn: ou=system
objectClass: organizationalUnit
objectClass: top
ou: system
userPassword:: e21kNX1JU012S1hwWHBhZERpVW9PU29BZnd3PT0=

dn: uid=admin,ou=system
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: system administrator
displayName: Directory Superuser
sn: administrator
uid: admin
userPassword:: c2VjcmV0

dn: ou=users,ou=system
objectClass: organizationalUnit
objectClass: top
ou: users

dn: uid=system,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: John Doe
facsimiletelephonenumber: +1 408 555 5556
givenname: John
l: Las Vegas
mail: [EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: Doe
telephonenumber: +1 408 555 5555
uid: system
userPassword:: bWFuYWdlcg==

dn: uid=user1,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User1
l: Las Vegas
mail: [EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: One
telephonenumber: +1 408 555 5555
uid: user1
userPassword:: dXNlcjE=

dn: uid=user2,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User2
l: Las Vegas
mail: [EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: Two
telephonenumber: +1 408 555 5555
uid: user2
userPassword:: dXNlcjI=

dn: uid=admin,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: admin
sn: admin
uid: admin
userPassword:: YWRtaW4=

dn: uid=user3,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user3
sn: user3
uid: user3
userPassword:: dXNlcjM=

dn: uid=user4,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user4
sn: user4
uid: user4
userPassword:: dXNlcjQ=

dn: uid=phani1,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: phani1
sn: phani1
uid: phani1
userPassword:: cGhhbmkx

dn: uid=balaji1,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: balaji1
sn: balaji1
uid: balaji1
userPassword:: e21kNX1wRWdLL2ZSODZXQmlPU1FZYmdFQUpBPT0=

dn: uid=balaji2,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: balaji2
sn: balaji2
uid: balaji2
userPassword:: e21kNX1zdXNnSkwybWx0V0ZrZlpWWjk3WnBBPT0=

dn: ou=groups,ou=system
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: cn=admin,ou=groups,ou=system
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=system,ou=users,ou=system

dn: cn=guest,ou=groups,ou=system
objectClass: groupOfUniqueNames
cn: guest
uniqueMember: uid=user2,ou=users,ou=system
uniqueMember: uid=user1,ou=users,ou=system

dn: ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: configuration

dn: ou=partitions,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: partitions

dn: ou=services,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: services

dn: ou=interceptors,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: interceptors

dn: prefNodeName=sysPrefRoot,ou=system
objectClass: extensibleObject
prefNodeName: sysPrefRoot

dn: uid=phani-users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user1
sn: user1
uid: phani-users
Thanks
phani
On 1/26/06, Hernan Cunico <[EMAIL PROTECTED]> wrote:
Hi Phani,
Can you export an LDIF so we can see your LDAP conf? I think the problem may be there.
So far I have been able to add new users and alter the groups with my other LDAP client. Jxplorer is
giving me some problems while importing/updating from LDIFs.
Can you summarize the steps you do for adding the user?
Cheers!
Hernan
Phani Madgula wrote:
> Hi Hernan,
>
> I am using AG1.0. I tried with other LDAP clients.
> I observed that, some clients store passwords in SHA, by default.
> The authentication is failing in either case [MD5 or SHA]
>
> Thanks
> phani
>
>
> On 1/25/06, *Hernan Cunico* <[EMAIL PROTECTED]> wrote:
>
> Hi Phani,
> So far I am only getting this error while using Jxplorer. What other
> client have you tried?
>
> Cheers!
> Hernan
>
> Hernan Cunico wrote:
> >
> >> Hi Phani,
> >> sorry for the delay in the reply. I am having some issues too while
> >> validating the user.
> >> Maybe you already replied this in a previous note but, what version
> >> of Geronimo are you using?
> >>
> >> Cheers!
> >> Hernan
> >>
> >> Phani Madgula wrote:
> >>
> >>> Hi Hernan,
> >>>
> >>> Thanks for the link. It is quite helpful & informative.
> >>>
> >>> I did similar operations, as specified in my previous mail, by
> >>> deploying the sample application given in the article. I added a new
> >>> user user3/pass123 in "ou=users, ou=system" in Directory server, and
> >>> in geronimo-web.xml I added the user3 in role mappings
> >>>
> >>> <role-mappings>
> >>>   <role role-name="content-administrator">
> >>>     <realm realm-name="ldap-realm">
> >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> >>>                  name="admin" designated-run-as="true"/>
> >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>                  name="system"/>
> >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>                  name="user3"/>
> >>>     </realm>
> >>>   </role>
> >>>
> >>>   <role role-name="guest">
> >>>     <realm realm-name="ldap-realm">
> >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> >>>                  name="guest" designated-run-as="true"/>
> >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>                  name="user1"/>
> >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>                  name="user2"/>
> >>>     </realm>
> >>>   </role>
> >>> </role-mappings>
> >>>
> >>> I used Jxplorer LDAP client to create the new user user3. When I
> >>> provide password in PLAIN format which uses BASE64 encoding through
> >>> LDAP client, the application is authenticating successfully. When I
> >>> store it in MD5, the authentication is failing for user3.
> >>>
> >>> Any issue while using MD5 ?
> >>>
> >>> thanks
> >>> phani
> >>>
> >>> On 1/21/06, *Hernan Cunico* <[EMAIL PROTECTED]> wrote:
> >>>
> >>> Hi Phani,
> >>> Here is an article that may help you configure LDAP
> >>>
> >>>
> >>>
> http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP
> >>>
> >>>
> >>> Cheers!
> >>> Hernan
> >>>
> >>> Phani Madgula wrote:
> >>> > Hi
> >>> >
> >>> > I am facing a problem while connecting to LDAP server from an
> >>> > LDAP client.
> >>> > I have installed Softerra LDAP browser and tried to connect to
> >>> > LDAP server running on Geronimo.
> >>> >
> >>> > I always get "Can not connect to the LDAP server : ERROR 91".
> >>> >
> >>> > Any solution?
> >>> >
> >>> > thanks
> >>> > phani
> >>>
> >>>
> >>
> >
>
>