opendj

Customized Password Storage Scheme Type?


I'm customizing the storage Scheme, but seems available storage types are the following:

-t, --type {type} The type of Password Storage Scheme which should be created. The value for TYPE can be one of: aes | base64 | bcrypt | blowfish | clear | crypt | custom | md5 | pbkdf2 | pkcs5s2 | rc4 | salted-md5 | salted-sha1 | salted-sha256 | salted-sha384 | salted-sha512 | sha1 | triple-des

And "custom" does not seem to work. My question is: can I create a new type, and how? Thanks.

BTW: opendj 3.0 is used.

These are the steps I used to create the storage scheme:

  1. Write a custom storage scheme and a custom XML configuration, and generate the code.
  2. Place a JAR containing my scheme (and other dependency JARs) in OpenDJ's lib/extensions directory.
  3. Create a storage scheme object class with ldapmodify:

       dn: cn=schema
       changetype: modify
       add: objectClasses
       objectClasses: ( ds-cfg-sample-password-storage-scheme-oid NAME 'ds-cfg-sample-password-storage-scheme' DESC 'This is the customized Sample password schema' SUP ds-cfg-password-storage-scheme STRUCTURAL X-SCHEMA-FILE '99-sample.ldif' )

  4. Create my password storage scheme with dsconfig create-password-storage-scheme. And I'm stuck here. OpenDJ just doesn't show the type I need. That's why I ask how these types show up in the create-password-storage-scheme command. If I use the following LDIF, it works with no exception, so I believe my plugin should work:

       dn: cn=SAMPLE MD5,cn=Password Storage Schemes,cn=config
       cn: SAMPLE MD5
       ds-cfg-enabled: true
       ds-cfg-java-class: com.sample.SamplePasswordStorageScheme
       objectClass: ds-cfg-sample-password-storage-scheme
       objectClass: top
       objectClass: ds-cfg-password-storage-scheme

     But create-password-storage-scheme just doesn't work because there is no valid type.

Solution

  • "custom" is a generic type for all OpenDJ plugins and extensions and doesn't work with Password Storage Schemes. You should be able to add your own type when building your extended scheme (in the XML description), or you can reuse one of the existing types. The type only governs how the scheme can be configured. Most of them are just enabled/disabled, but some require additional configuration (like PBKDF2). I hope this helps.
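As an added example (not part of the original question or answer, and not code taken from the OpenDJ project), this is what the XML description the answer refers to can look like for the asker's SAMPLE MD5 scheme. The element and attribute names follow the managed-object definitions OpenDJ ships for its built-in schemes; the namespace URIs, the package attribute, and the com.sample class name are assumptions and must be checked against the XML files in the OpenDJ source tree you build against.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Hypothetical managed-object definition for the "SAMPLE MD5" scheme.
  Modeled on the definitions OpenDJ ships for its built-in schemes.
  ASSUMPTIONS: the namespace URIs and the package attribute are taken
  from memory of the 3.x tree and must be verified against the XML
  shipped with the OpenDJ version you compile against.
-->
<adm:managed-object name="sample-password-storage-scheme"
                    plural-name="sample-password-storage-schemes"
                    package="org.forgerock.opendj.server.config"
                    extends="password-storage-scheme"
                    xmlns:adm="http://opendj.forgerock.org/admin"
                    xmlns:ldap="http://opendj.forgerock.org/admin-ldap">

  <!-- The leading part of "name" is what dsconfig lists as the type,
       in the same way that salted-md5-password-storage-scheme shows up
       as "salted-md5" in the help text quoted in the question. -->
  <adm:synopsis>
    The Sample Password Storage Scheme is a custom scheme shipped as an
    extension (hypothetical). It has no properties beyond the inherited
    enabled and java-class properties.
  </adm:synopsis>

  <!-- This object class must match the one the asker added to cn=schema
       (ds-cfg-sample-password-storage-scheme in 99-sample.ldif);
       otherwise the entry dsconfig writes under
       cn=Password Storage Schemes,cn=config will fail schema checking. -->
  <adm:profile name="ldap">
    <ldap:object-class>
      <ldap:name>ds-cfg-sample-password-storage-scheme</ldap:name>
      <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
    </ldap:object-class>
  </adm:profile>

  <!-- Pin java-class to the implementation so that
       "dsconfig create-password-storage-scheme --type sample"
       does not require the administrator to supply it. -->
  <adm:property-override name="java-class" advanced="true">
    <adm:default-behavior>
      <adm:defined>
        <adm:value>com.sample.SamplePasswordStorageScheme</adm:value>
      </adm:defined>
    </adm:default-behavior>
  </adm:property-override>

</adm:managed-object>
```

The point of the example is the link between the three names: the managed-object name supplies the dsconfig type, the ldap profile supplies the object class written to the config entry, and the java-class override supplies the implementation, so the scheme can be created with a plain --type sample --set enabled:true. The type list in dsconfig is built from the definitions registered at runtime, so the generated definition classes have to be packaged in the extension JAR in lib/extensions (with whatever registration manifest the admin framework of your build expects; I believe this is an admin/extension.manifest entry naming the generated definition class, but verify that against the extension packaging documentation for your version) and the server restarted before the new type is listed.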