9 Mar
2009
9 Mar
'09
11:15 p.m.
Thomas,
Thank you for your answer.
My userPassword attributes are encrypted using the SHA algorithm
(therefore with the {SHA} prefix in the binary value, just like you
have).
Unfortunately, the OpenLDAP server I am using is not configured to
accept Simple Bind authentication method.
Best Regards,
Christophe
Le 9 mars 09 à 13:12, Thomas Mortagne a écrit :
On Mon, Mar 9, 2009 at 13:08, Thomas Mortagne
<thomas.mortagne(a)xwiki.com
--
Thomas Mortagne
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
wrote:
On Mon, Mar 9, 2009 at 11:47, Christophe GRAVIER
<christophe.gravier(a)telecom-st-etienne.fr> wrote:
FYI in my ldif file it look like:
dn: cn=Horatio Hornblower,ou=people,o=sevenSeas
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: top
cn: Horatio Hornblower
description: Capt. Horatio Hornblower, R.N
givenname: Horatio
sn: Hornblower
uid: hhornblo
mail: hhornblo(a)royalnavy.mod.uk
userpassword: {SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=
note the "{SHA}" suffix in the password value.
Dear XWiki users,
I have been looking for authenticating my xwiki users against a LDAP
directory (OpenLdap, debian box), where the userPassword field is
encrypted using the SHA algorithm.
Unfortunately, I am not able to configure xwiki to encrypt the
password entered by the user before the authentication and
authorization process.
I receive the following snip, after enabling ldap logging in a
custom
log4j.properties file as indicated in the doc:
com.xpn.xwiki.XWikiException: Error number 8001 in 8: LDAP
authentication failed: could not validate the password: wrong
password
for uid=gravier.christophe,ou=xxx,o=yyyy,c=fr
The configuration is nevertheless good in overall, because I can log
in if I store my password as plain text binary in my LDAP server
(but
I don't want it to be plain text in the LDAP server of course...).
I have been searching the documentation, FAQ and user/dev mailing
lists, and I only found encryption related to cookie storage, or SHA
encryption for xwiki-webdav module
(http://xwiki.markmail.org/message/k2r2qqu2twjputml?q=ldap+SHA
) developpers' thoughts.
Does someone have any clue on how to configure xwiki for encrypted
userPassword stored in OpenLDAP please ?
I guess sent password encrypted to LDAP server would be the best for
security but anyway it's generally LDAP server work to encrypt
received password, not client. I have password in my LDAP server
(ApacheDS) stored encrypted and it works perfectly (it's even how I
always used it). I don't know OpenLDAP very well but it should have
some way to have encrypted password in the database even if the
client
sent not encrypted password.
> Thank you in advance for any information in this matter !
If encrypt the password on the client side is really needed you should
add an issue on http://jira.xwiki.org
Best Regards,
Ch. Gravier
--
Dr.-Ing. Christophe Gravier
DIOM laboratory - http://diom.telecom-st-etienne.fr/
TELECOM Saint-Étienne (formerly "Istase") - http://www.telecom-st-etienne.fr/
Jabber ID : gravier.christophe(a)jabber.istase.com
Homepage: http://diom.telecom-st-etienne.com/public/cgravier/
Research project: http://diom.istase.fr/satin/einst/
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne