6 Replies Latest reply: May 4, 2012 3:35 AM by EJP

    How to capture password using Ldap client

    Rahul Shah
      Hello,
      Is there a way to capture the password from an LDAP client, which will be in clear text format, using JNDI?

      Thank-You
      Rahul Shah
        • 1. Re: How to capture password using Ldap client
          EJP
          If the password is being passed in the clear (it doesn't have to be, there are various ways of setting it up), you just have to sniff the network. That's why you should use LDAP over SSL.
          • 2. Re: How to capture password using Ldap client
            Rahul Shah
            Thanks for replying, and please correct me if I am wrong, i.e.

            1) When we enter the password in the LDAP client and click OK, it will verify the password with the directory server [iPlanet], so the password which is to be verified will be in an encrypted format?
            2) Is there any way to create a pre-plugin on the iPlanet directory server? I have a scenario where I need to capture the password before it is verified with the directory server.

            Thank-You
            Rahul Shah
            • 3. Re: How to capture password using Ldap client
              handat
              Rahul Shah wrote:
              > Thanks for replying, and please correct me if I am wrong, i.e.
              >
              > 1) When we enter the password in the LDAP client and click OK, it will verify the password with the directory server [iPlanet], so the password which is to be verified will be in an encrypted format?

              The client will send the password as is, i.e. in plain text (hence you should be using LDAPS instead of LDAP), and the directory server will then encrypt the password using a one-way hash and compare it to the hashed password it has stored for the user.

              > 2) Is there any way to create a pre-plugin on the iPlanet directory server? I have a scenario where I need to capture the password before it is verified with the directory server.

              Yes, you can write a plugin which can access the plain text password before it gets passed to the authentication mechanism for comparison, but this plugin cannot be written in Java; it needs to be written in C.

              > Thank-You
              > Rahul Shah
              • 4. Re: How to capture password using Ldap client
                EJP
                > 1) When we enter the password in the LDAP client and click OK, it will verify the password with the directory server [iPlanet], so the password which is to be verified will be in an encrypted format?

                I've answered that. It depends entirely on how you set up the LDAP directory. Mostly they are set up to require plaintext passwords to be sent, but there are alternatives.
                • 5. Re: How to capture password using Ldap client
                  Rahul Shah
                  Is there any way to find out how SunOne DirectoryServer is set up [plain text or encrypted format]?

                  Thank-you
                  Rahul
                  • 6. Re: How to capture password using Ldap client
                    EJP
                    Ask the admin?
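
Added example, not part of the thread and not code from any poster: replies 1, 3 and 4 say that whether the password crosses the network in the clear depends on how the bind is set up. The Java class below classifies a JNDI LDAP environment on that basis; the host, DN and password are constructed sample values, and `BindExposure`, `classify` and `env` are hypothetical names.

```java
import java.util.Hashtable;
import javax.naming.Context;

public class BindExposure {
    enum Exposure { NO_PASSWORD, CLEARTEXT_ON_WIRE, CLEARTEXT_INSIDE_TLS, NOT_SENT_AS_CLEARTEXT }

    // Classifies how a JNDI LDAP environment would transmit the bind password.
    // It cannot see StartTLS, which JNDI negotiates after the context is created.
    static Exposure classify(Hashtable<String, String> env) {
        String url = env.getOrDefault(Context.PROVIDER_URL, "").toLowerCase();
        boolean tls = url.startsWith("ldaps://")
                || "ssl".equalsIgnoreCase(env.get(Context.SECURITY_PROTOCOL));
        String auth = env.get(Context.SECURITY_AUTHENTICATION);
        if (auth == null) {
            // JNDI's LDAP provider defaults to "simple" when credentials are supplied, else "none".
            auth = env.containsKey(Context.SECURITY_CREDENTIALS) ? "simple" : "none";
        }
        auth = auth.trim();
        if (auth.equalsIgnoreCase("none")) return Exposure.NO_PASSWORD;
        boolean sendsPassword = auth.equalsIgnoreCase("simple");
        for (String mech : auth.split("\\s+")) {
            // SASL PLAIN carries the password itself, just like a simple bind.
            if (mech.equalsIgnoreCase("PLAIN")) sendsPassword = true;
        }
        // Mechanisms such as DIGEST-MD5, GSSAPI or EXTERNAL do not send the password itself.
        if (!sendsPassword) return Exposure.NOT_SENT_AS_CLEARTEXT;
        return tls ? Exposure.CLEARTEXT_INSIDE_TLS : Exposure.CLEARTEXT_ON_WIRE;
    }

    // Builds a sample environment; every value here is constructed for the example.
    static Hashtable<String, String> env(String url, String auth) {
        Hashtable<String, String> e = new Hashtable<>();
        e.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        e.put(Context.PROVIDER_URL, url);
        if (auth != null) e.put(Context.SECURITY_AUTHENTICATION, auth);
        e.put(Context.SECURITY_PRINCIPAL, "uid=demo,ou=people,dc=example,dc=com");
        e.put(Context.SECURITY_CREDENTIALS, "not-a-real-password");
        return e;
    }

    public static void main(String[] args) {
        System.out.println(classify(env("ldap://ldap.example.com:389", "simple")));
        System.out.println(classify(env("ldaps://ldap.example.com:636", "simple")));
        System.out.println(classify(env("ldap://ldap.example.com:389", "DIGEST-MD5")));
        System.out.println(classify(env("ldap://ldap.example.com:389", null)));
    }
}
```

This inspects only the client's settings; which bind methods the directory server itself accepts is a server-side configuration matter.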