问题描述
当您使用 Java API 更新 Open LDAP 目录时,有没有办法指定哈希算法(MD5、SHA1 等)用于存储密码,代码如下:
Is there a way to specify the hash algorithm (MD5, SHA1, etc.) to use for storing the passwords when you update an Open LDAP directory using Java APIs with code like this:
private void resetPassword(String principal, String newPassword) throws NamingException { InitialDirContext ctx***** = null; Hashtable<String, String> ctxData = new Hashtable<String, String>(); ctxData.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); ctxData.put(Context.PROVIDER_URL, "ldap://myserver:389"); ctxData.put(Context.SECURITY_AUTHENTICATION, "simple"); ctxData.put(Context.SECURITY_PRINCIPAL, "*****_dn"); ctxData.put(Context.SECURITY_CREDENTIALS, "*****_passwd"); InitialDirContext ctx***** = new InitialDirContext(ctxData); if (newPassword == null || newPassword.equals("")) { String msg = "Password can't be null"; throw new NamingException(msg); } else { if (principal == null || principal.equals("")) { String msg = "Principal can't be null"; throw new NamingException(msg); } else { if (ctx***** == null) { String errCtx = "Can't get LDAP context"; throw new NamingException(errCtx); } } } BasicAttribute attr = new BasicAttribute("userpassword", newPassword); ModificationItem modItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr); ModificationItem[] items = new ModificationItem[1]; items[0] = modItem; ctx*****.modifyAttributes("cn=" + principal + ",ou=Users,dc=com", items); }
推荐答案
应该这样做:(MD5)显示
Something along these lines should do it: (MD5) Shown
context.setAttributeValue("userPassword", digestMd5("newPassword)); private String digestMd5(final String password) { String base64; try { MessageDigest digest = MessageDigest.getInstance("MD5"); digest.update(password.getBytes()); base64 = new BASE64Encoder().encode(digest.digest()); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } return "{MD5}" + base64; }
-吉姆