I am able to read the password stored in LDAP via JNDI. But the result is some gibberish characters. So how do i decrypt it?
Below is my code:
public static void main(String[] args)
{
String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
String MY_HOST = "ldap://KhooGP-Comp1:1389";
String MGR_DN = "cn=Directory Manager";
String MGR_PW = "password";
String MY_SEARCHBASE = "dc=QuizPortal";
String MY_FILTER = "uid=yiwei";
String MY_ATTRS[] = {"cn", "uid", "sn", "userpassword"};
//Identify service provider to use
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
env.put(Context.PROVIDER_URL, MY_HOST);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
env.put(Context.SECURITY_CREDENTIALS, MGR_PW);
try
{
// Create the initial directory context
InitialDirContext initialContext = new InitialDirContext(env);
DirContext ctx = (DirContext)initialContext;
System.out.println("Context Sucessfully Initialized");
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration results = ctx.search(MY_SEARCHBASE, MY_FILTER, constraints);
while(results != null && results.hasMore())
{
SearchResult sr = (SearchResult) results.next();
String dn = sr.getName() + "," + MY_SEARCHBASE;
System.out.println("Distinguished Name is " + dn);
Attributes ar = ctx.getAttributes(dn, MY_ATTRS);
if(ar == null)
{
System.out.println("Entry " + dn);
System.out.println(" has none of the specified attributes\n");
}
else
{
for(int i=0; i<MY_ATTRS.length; i++)
{
Attribute attr = ar.get(MY_ATTRS[i]);
System.out.println(MY_ATTRS[i] + ":");
for(Enumeration vals=attr.getAll(); vals.hasMoreElements();)
{
System.out.println("\t" + vals.nextElement());
}
}
}
}
}
catch(Exception e)
{
System.err.println(e);
}
}
Below is the result:
Distinguished Name is uid=yiwei,ou=Administrator,o=SID,dc=QuizPortal
cn:
yiwei huang
uid:
yiwei
sn:
huang
userpassword:
[B@1cd8669
Any advice?? Many thanks in advance
Kevin
What you're seeing ([B@1cd8669) is Java's way of saying "this is a byte array".
The stored "password" is most likely either a hash of the real password or an encrypted version. Cryptographic hashes are, by definition, non-reversible so you will not be able to see what the user's password is if LDAP stores the hash.
If it's encrypted then if you know the algorithm and the key it's fairly simple to decrypt. BouncyCastle is a great Java crypto library you can use to decrypt the password.
Basically, you need to know exactly what you're looking at, and that will depend on the LDAP setup.