I have implemented Spring Security with LDAP, and it works fine when using a plain-text password in the LDIF file, but when I use a hashed {SHA} password in the LDAP file it throws "Unauthorized".

Code:

    AndFilter filter = new AndFilter();
    filter.and(new EqualsFilter("objectclass", "person"))
          .and(new EqualsFilter("uid", authentication.getPrincipal().toString()));

    boolean authenticatedUser = ldapTemplate.authenticate(<DN>, filter.encode(), <password>);

test.ldif:

    dn: uid=test ,ou=people,dc=springframework,dc=org
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: Rod Johnson
    sn: Johnson
    uid: test
    userPassword: {SHA}a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

What is the correct way to implement ldapTemplate.authenticate?

1 Answer

LDAP Directory Servers usually hash user passwords to prevent someone from discovering them. How the server handles importing or adding cleartext passwords or hashed passwords is specific to the servers. If this is sample data, leave it in cleartext. If you are importing existing user data with passwords that are already hashed, you should check whether the algorithm that was used is supported by the Directory Server of your choice, and what the server's representation is.
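
The point about the server's representation, as an added example (not part of the original answer and not Spring LDAP code): under RFC 2307 the `{SHA}` scheme stores the Base64 encoding of the raw 20-byte SHA-1 digest, whereas the value in the question's LDIF has the shape of a 40-character hex digest. The class and method names are hypothetical, and the sample password is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example: hypothetical helper, not part of Spring LDAP or the original post.
public class LdapShaPassword {

    // RFC 2307 {SHA}: "{SHA}" + Base64(SHA-1(password bytes)).
    static String encode(String password) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return "{SHA}" + Base64.getEncoder().encodeToString(digest);
    }

    // Re-encode a digest that was written as hex into the Base64 form.
    static String fromHex(String hex) {
        if (!hex.matches("[0-9a-fA-F]{40}")) {
            throw new IllegalArgumentException("not a 40-character hex SHA-1 digest");
        }
        byte[] raw = new byte[20];
        for (int i = 0; i < raw.length; i++) {
            raw[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return "{SHA}" + Base64.getEncoder().encodeToString(raw);
    }

    // The comparison the {SHA} scheme implies: decode, then constant-time compare.
    static boolean matches(String candidate, String stored) throws NoSuchAlgorithmException {
        if (!stored.startsWith("{SHA}")) return false;
        byte[] expected;
        try {
            expected = Base64.getDecoder().decode(stored.substring(5));
        } catch (IllegalArgumentException e) {
            return false; // payload is not valid Base64
        }
        byte[] actual = MessageDigest.getInstance("SHA-1")
                .digest(candidate.getBytes(StandardCharsets.UTF_8));
        // A hex string decoded as Base64 yields 30 bytes, so it can never match.
        return expected.length == 20 && MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        String password = "example-password"; // constructed sample value
        String hexDigest = "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"; // from the question's LDIF
        System.out.println(encode(password) + " -> " + matches(password, encode(password)));
        System.out.println("hex payload decodes to "
                + Base64.getDecoder().decode(hexDigest).length + " bytes, expected 20");
        System.out.println("re-encoded: " + fromHex(hexDigest));
    }
}
```

With bind authentication the client still submits the cleartext password and the directory server performs this comparison. Unsalted SHA-1 is a weak storage scheme, so prefer a salted or adaptive scheme where the directory server supports one.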