ldapopenldap

Verify LDAP user password with SSHA-512 hash method


I am using OpenLDAP to store user information. User entry is an inetOrgPerson object. I use Apache Directory Studio to add userPassword with SSHA-512 hash method.

How can I verify input user password with the password stored in LDAP in my Java application?


Solution

  • I found my answer: http://gurolerdogan.blogspot.com/2010/03/ssha-encryption-with-java.html

    SSHA ssha = new SSHA("SHA-512");
    String sshaStr = ssha.createDigest("randomString", "mypwd");
    //{SSHA}5QxZCiM/zcn0/upHX2uw6ICbgE+PLa9sJz/UpfMAMe1isyxuv+NeW4k4GjRDoTQHnB5QjCKCydJJjUQnT3DEEXJhbmRvbVN0cmluZw==
    return sshaStr;
    

    Replace {SSHA} with {SSHA-512} you will have a SSHA-512 password to store in OpenLDAP. It's useful when you create new user or update user password.

    You can improve the source code, for example replace sun.misc.BASE64Encoder with org.apache.commons.codec.binary.Base64.