Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-3202

Integration of OpenICF LDAP Connector base64 encodes pre-SHA'd 'userPassword' fields

    Details

    • Sprint:
      Sprint 38, Sustaining Sprint 39
    • Cases:
    • Support Ticket IDs:

      Description

      When OpenIDM reads a SHA encrypted password from a directory, it is being immediately encoded using base64 format,

      e.g. The LDAP Search returns:

      userPassword: {SSHA}Wpa5dOSwrAvu27S0eqMMMADweY/dIZfc3lbdJw==
      

      But if you query the system object directly using OpenIDM, you get this:

      [tom.wood@localhost openidm]$ curl -u openidm-admin:openidm-admin -H "Content-Type: application/json" -X GET "http://localhost:8080/openidm/system/ldap/account/cn=john.doe,ou=Users,dc=example,dc=com"
      
      *snip*
        "userPassword": "e1NTSEF9V3BhNWRPU3dyQXZ1MjdTMGVxTU1NQUR3ZVkvZElaZmMzbGJkSnc9PQ==",
      *snip*
      

      I've tested this using OpenIDM 3.0.0 and 3.1.0 (OpenICF 1.4) and the above en occurs. However, the SHA'd password is returned correctly if I use OpenIDM 2.1.1:

      [tom.wood@localhost openidm]$ curl -u openidm-admin:openidm-admin -H "Content-Type: application/json" -X GET "http://localhost:8080/openidm/system/ldap/account/cn=john.doe,ou=Users,dc=example,dc=com"
      
      *snip*
        "userPassword": "{SSHA}Wpa5dOSwrAvu27S0eqMMMADweY/dIZfc3lbdJw==",
      *snip*
      

      As a final test, I used v1.1.1.1 of the ICF LDAP Connector (Bundled with 2.1.1) with OpenIDM 3.1.0 and the userPassword is still base64 encoded which points this to be an issue with the OpenIDM integration of OpenICF rather than with OpenICF itself.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mark.offutt Mark Offutt [X] (Inactive)
                Reporter:
                tom.wood Tom Wood
              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: