java 如何通过 JNDI 检索 LDAP 密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4394233/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to retrieve LDAP password via JNDI
提问by Nivek
I am able to read the password stored in LDAP via JNDI. But the result is some gibberish characters. So how do i decrypt it?
我能够通过 JNDI 读取存储在 LDAP 中的密码。但结果是一些乱码。那么如何解密呢?
Below is my code:
下面是我的代码:
public static void main(String[] args)
{
String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
String MY_HOST = "ldap://KhooGP-Comp1:1389";
String MGR_DN = "cn=Directory Manager";
String MGR_PW = "password";
String MY_SEARCHBASE = "dc=QuizPortal";
String MY_FILTER = "uid=yiwei";
String MY_ATTRS[] = {"cn", "uid", "sn", "userpassword"};
//Identify service provider to use
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
env.put(Context.PROVIDER_URL, MY_HOST);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
env.put(Context.SECURITY_CREDENTIALS, MGR_PW);
try
{
// Create the initial directory context
InitialDirContext initialContext = new InitialDirContext(env);
DirContext ctx = (DirContext)initialContext;
System.out.println("Context Sucessfully Initialized");
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration results = ctx.search(MY_SEARCHBASE, MY_FILTER, constraints);
while(results != null && results.hasMore())
{
SearchResult sr = (SearchResult) results.next();
String dn = sr.getName() + "," + MY_SEARCHBASE;
System.out.println("Distinguished Name is " + dn);
Attributes ar = ctx.getAttributes(dn, MY_ATTRS);
if(ar == null)
{
System.out.println("Entry " + dn);
System.out.println(" has none of the specified attributes\n");
}
else
{
for(int i=0; i<MY_ATTRS.length; i++)
{
Attribute attr = ar.get(MY_ATTRS[i]);
System.out.println(MY_ATTRS[i] + ":");
for(Enumeration vals=attr.getAll(); vals.hasMoreElements();)
{
System.out.println("\t" + vals.nextElement());
}
}
}
}
}
catch(Exception e)
{
System.err.println(e);
}
}
Below is the result:
Distinguished Name is uid=yiwei,ou=Administrator,o=SID,dc=QuizPortal
cn:
yiwei huang
uid:
yiwei
sn:
huang
userpassword:
[B@1cd8669
Any advice?? Many thanks in advance
有什么建议吗??提前谢谢了
Kevin
凯文
回答by Cameron Skinner
What you're seeing ([B@1cd8669) is Java's way of saying "this is a byte array".
您所看到的 ([B@1cd8669) 是 Java 说“这是一个字节数组”的方式。
The stored "password" is most likely either a hash of the real password or an encrypted version. Cryptographic hashes are, by definition, non-reversible so you will not be able to see what the user's password is if LDAP stores the hash.
存储的“密码”很可能是真实密码的散列或加密版本。根据定义,加密散列是不可逆的,因此如果 LDAP 存储散列,您将无法看到用户的密码是什么。
If it's encrypted then if you know the algorithm and the key it's fairly simple to decrypt. BouncyCastleis a great Java crypto library you can use to decrypt the password.
如果它是加密的,那么如果你知道算法和密钥,解密起来就相当简单。BouncyCastle是一个很棒的 Java 加密库,可用于解密密码。
Basically, you need to know exactly what you're looking at, and that will depend on the LDAP setup.
基本上,您需要确切地知道您在看什么,这取决于 LDAP 设置。
回答by Chinnu
with ldap we will get data in byte array.if you need to get the original password text use the
following code:
使用 ldap 我们将在字节数组中获取数据。如果您需要获取原始密码文本,请使用
以下代码:
Attribute userPassword = attributes.get("userPassword");
String pwd = new String((byte[]) userPassword.get());
