You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by UdayaKiran Ala <ud...@gmail.com> on 2007/12/12 16:32:10 UTC
Getting a clear text password from Apache DS 1.5.0
Hi All,
I'm using Apache Directory Server 1.5.0 for our application authentication.
I need to retrieve the cleartext password (userPassword) by using JAVA API
Any idea?
Thanks in Advance,
Regards
UdayaKiran.Ala
Re: Getting a clear text password from Apache DS 1.5.0
Posted by Emmanuel Lecharny <el...@gmail.com>.
UdayaKiran Ala wrote:
> HI All,
>
Hi,
> Yes, I can retrieve a password if it is stored as clear text password.
> Below is the sample code snippet
>
>
> Attribute oPwdAttr = attrs.get(ATTR_PASSWORD);
>
> byte[] pwd = (byte[]) oPwdAttr.get();
>
> String sPwd = new String(pwd);
>
just use this instead :
String sPwd = new String( pwd, "UTF-8" )
otherwise you may get some wrong password if you have not ascii chars
into the password, depending on your locale.
> System.out.println("password is "+sPwd);
>
>
> Thanks
> Uday
>
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
Re: Getting a clear text password from Apache DS 1.5.0
Posted by UdayaKiran Ala <ud...@gmail.com>.
HI All,
Yes, I can retrieve a password if it is stored as clear text password.
Below is the sample code snippet
Attribute oPwdAttr = attrs.get(ATTR_PASSWORD);
byte[] pwd = (byte[]) oPwdAttr.get();
String sPwd = new String(pwd);
System.out.println("password is "+sPwd);
Thanks
Uday
On 12/13/07, UdayaKiran Ala <ud...@gmail.com> wrote:
>
> Hi Emmanuel,
>
> Thanks for your mail & information.
>
> Yes, as you said I stored the password in "Plain Text". I'm trying to
> retrieve the password by using JNDI, but still I could'nt get the exact
> password value.
>
> It would be great to me, if you provide any sample snippet code.
>
> Thanks & Regards
> UdayaKiran.Ala
>
>
>
> On 12/13/07, UdayaKiran Ala <ud...@gmail.com> wrote:
> >
> > Hi Emmanuel,
> >
> > Thanks for your mail & information.
> >
> > Yes, as you said I stored the password in "Plain Text". I'm trying to
> > retrieve the password by using JNDI, but still I could'nt get the exact
> > password value.
> >
> > Thanks & Regards
> > UdayaKiran.Ala
> >
> >
> > On 12/12/07, Emmanuel Lecharny <elecharny@gmail.com > wrote:
> > >
> > > UdayaKiran Ala wrote:
> > > > Hi All,
> > > >
> > > > I'm using Apache Directory Server 1.5.0 for our application
> > > authentication.
> > > >
> > > > I need to retrieve the cleartext password (userPassword) by using
> > > JAVA API
> > > >
> > > > Any idea?
> > > >
> > > It depends... If the password is stored as clear text into the server,
> > > no problem (beside the huge security concern, of course !) : do a
> > > search
> > > with (uid=<your user ID>) and get the userPassword attribute using
> > > JNDI.
> > > If the password is encrypted using (S)SHA, (S)MD5 or crypt, there is
> > > no
> > > way you can get the clear text from it.
> > > > Thanks in Advance,
> > > >
> > > > Regards
> > > > UdayaKiran.Ala
> > > >
> > > >
> > >
> > >
> > > --
> > > --
> > > cordialement, regards,
> > > Emmanuel Lécharny
> > > www.iktek.com
> > > directory.apache.org
> > >
> > >
> > >
> >
>
Re: Getting a clear text password from Apache DS 1.5.0
Posted by UdayaKiran Ala <ud...@gmail.com>.
Hi Emmanuel,
Thanks for your mail & information.
Yes, as you said I stored the password in "Plain Text". I'm trying to
retrieve the password by using JNDI, but still I could'nt get the exact
password value.
It would be great to me, if you provide any sample snippet code.
Thanks & Regards
UdayaKiran.Ala
On 12/13/07, UdayaKiran Ala <ud...@gmail.com> wrote:
>
> Hi Emmanuel,
>
> Thanks for your mail & information.
>
> Yes, as you said I stored the password in "Plain Text". I'm trying to
> retrieve the password by using JNDI, but still I could'nt get the exact
> password value.
>
> Thanks & Regards
> UdayaKiran.Ala
>
>
> On 12/12/07, Emmanuel Lecharny <el...@gmail.com> wrote:
> >
> > UdayaKiran Ala wrote:
> > > Hi All,
> > >
> > > I'm using Apache Directory Server 1.5.0 for our application
> > authentication.
> > >
> > > I need to retrieve the cleartext password (userPassword) by using
> > JAVA API
> > >
> > > Any idea?
> > >
> > It depends... If the password is stored as clear text into the server,
> > no problem (beside the huge security concern, of course !) : do a search
> >
> > with (uid=<your user ID>) and get the userPassword attribute using JNDI.
> > If the password is encrypted using (S)SHA, (S)MD5 or crypt, there is no
> > way you can get the clear text from it.
> > > Thanks in Advance,
> > >
> > > Regards
> > > UdayaKiran.Ala
> > >
> > >
> >
> >
> > --
> > --
> > cordialement, regards,
> > Emmanuel Lécharny
> > www.iktek.com
> > directory.apache.org
> >
> >
> >
>
Re: Getting a clear text password from Apache DS 1.5.0
Posted by UdayaKiran Ala <ud...@gmail.com>.
Hi Emmanuel,
Thanks for your mail & information.
Yes, as you said I stored the password in "Plain Text". I'm trying to
retrieve the password by using JNDI, but still I could'nt get the exact
password value.
Thanks & Regards
UdayaKiran.Ala
On 12/12/07, Emmanuel Lecharny <el...@gmail.com> wrote:
>
> UdayaKiran Ala wrote:
> > Hi All,
> >
> > I'm using Apache Directory Server 1.5.0 for our application
> authentication.
> >
> > I need to retrieve the cleartext password (userPassword) by using JAVA
> API
> >
> > Any idea?
> >
> It depends... If the password is stored as clear text into the server,
> no problem (beside the huge security concern, of course !) : do a search
> with (uid=<your user ID>) and get the userPassword attribute using JNDI.
> If the password is encrypted using (S)SHA, (S)MD5 or crypt, there is no
> way you can get the clear text from it.
> > Thanks in Advance,
> >
> > Regards
> > UdayaKiran.Ala
> >
> >
>
>
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>
Re: Getting a clear text password from Apache DS 1.5.0
Posted by Emmanuel Lecharny <el...@gmail.com>.
UdayaKiran Ala wrote:
> Hi All,
>
> I'm using Apache Directory Server 1.5.0 for our application authentication.
>
> I need to retrieve the cleartext password (userPassword) by using JAVA API
>
> Any idea?
>
It depends... If the password is stored as clear text into the server,
no problem (beside the huge security concern, of course !) : do a search
with (uid=<your user ID>) and get the userPassword attribute using JNDI.
If the password is encrypted using (S)SHA, (S)MD5 or crypt, there is no
way you can get the clear text from it.
> Thanks in Advance,
>
> Regards
> UdayaKiran.Ala
>
>
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org