Decrypting OpenLDAP passwords

java ldap jaas openldap gssapi
13,961

The userPassword is generaly store in hashed form

userPassword: {hasAlgorithm}Hashed value

Example :

userPassword: {SSHA}DkMTwBl+a/3DQTxCYEApdUtNXGgdUac3

The userPassword attribute is allowed to have more than one value, and it is possible for each value to be stored in a different form. During authentication, slapd will iterate through the values until it finds one that matches the offered password or until it runs out of values to inspect. The storage scheme is stored as a prefix on the value

You can have :

CRYPT

This scheme uses the operating system's crypt(3) hash function. It normally produces the traditional Unix-style 13 character hash, but on systems with glibc2 it can also generate the more secure 34-byte MD5 hash

MD5

This scheme simply takes the MD5 hash of the password and stores it in base64 encoded form

SMD5

This improves on the basic MD5 scheme by adding salt (random data which means that there are many possible representations of a given plaintext password). For example, both of these values represent the same password

SSHA

This is the salted version of the SHA scheme. It is believed to be the most secure password storage scheme supported by slapd

Conclusion

Most of the time you don't have to recover password, You just have to compute the hash from the password given by the user in the login form and compare it with the one of userPassword.

Share:
13,961
odtf
Author by

odtf

Updated on June 14, 2022

Comments

  • odtf
    odtf almost 2 years

    I have a set of users in my OpenLDAP and i wish to get some information from them, for example "cn" and "userPassword".

    However when i retrieve these details the password isnt in plain text even though it is set to this in my LDAP server.

    Any ideas how to solve this?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Kerberos/SASSL/OpenLDAP : GSSAPI Error: Unspecified GSS failure. Minor code may provide more information ()
Retrieve all users and their roles from LDAP using Java
JAAS configuration and LDAP login module in JavaEE 6
What are the other alternative to test a LDAP connection on linux machine
How does java LoginContext.login() work?
inetOrgPerson with member or memberOf?
JSF 2.0 redirect to index.jsf after login
Why doesn't DirContext.close() return the LDAP connection to the pool?
LDAP search base DN not working
Nested Group LDAP Search Filter