2
votes

I need to do Spring Security authentication, using password comparison, for users whose passwords are stored in LDAP in MD5 hex encoding format. For LDAP SHA encoding I can use LdapShaPasswordEncoder. Which encoder should I use for LDAP MD5 encoding?


2 Answers

2
votes
<bean id="ldapAuthenticationProvider"
    class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <!-- Authenticates by comparing the encoded submitted password with the directory entry.
             contextSource is the LDAP context source bean, defined elsewhere in the configuration. -->
        <bean class="org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="passwordEncoder">
                <!-- Md5PasswordEncoder produces a hex-encoded MD5 digest by default -->
                <bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
            </property>
            <property name="userDnPatterns">
                <list>
                    <value>uid={0},ou=people</value>
                </list>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <!-- Maps group memberships found under ou=groups to ROLE_* authorities -->
        <bean
            class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource" />
            <constructor-arg value="ou=groups" />
            <property name="groupSearchFilter" value="(member={0})" />
            <property name="rolePrefix" value="ROLE_" />
            <property name="searchSubtree" value="true" />
            <property name="convertToUpperCase" value="true" />
        </bean>
    </constructor-arg>
</bean>
0
votes

There isn't one that supports MD5. You'd have to implement PasswordEncoder yourself. You can use LdapShaPasswordEncoder as a guide. It should be pretty straightforward, especially without salt involved.

You should probably start looking at migrating to a more secure system which includes salt in the hashes. For example, perhaps your directory can support multiple formats and you can use SSHA for new users or password changes.