-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Won't Fix
-
Affects Version/s: OpenIDM 3.0.0, OpenIDM 3.1.0
-
Fix Version/s: OpenIDM 3.1.0
-
Component/s: Module - Provisioner framework
-
Labels:
When OpenIDM reads a SHA encrypted password from a directory, it is being immediately encoded using base64 format,
e.g. The LDAP Search returns:
userPassword: {SSHA}Wpa5dOSwrAvu27S0eqMMMADweY/dIZfc3lbdJw==
But if you query the system object directly using OpenIDM, you get this:
[tom.wood@localhost openidm]$ curl -u openidm-admin:openidm-admin -H "Content-Type: application/json" -X GET "http://localhost:8080/openidm/system/ldap/account/cn=john.doe,ou=Users,dc=example,dc=com" *snip* "userPassword": "e1NTSEF9V3BhNWRPU3dyQXZ1MjdTMGVxTU1NQUR3ZVkvZElaZmMzbGJkSnc9PQ==", *snip*
I've tested this using OpenIDM 3.0.0 and 3.1.0 (OpenICF 1.4) and the above en occurs. However, the SHA'd password is returned correctly if I use OpenIDM 2.1.1:
[tom.wood@localhost openidm]$ curl -u openidm-admin:openidm-admin -H "Content-Type: application/json" -X GET "http://localhost:8080/openidm/system/ldap/account/cn=john.doe,ou=Users,dc=example,dc=com"
*snip*
"userPassword": "{SSHA}Wpa5dOSwrAvu27S0eqMMMADweY/dIZfc3lbdJw==",
*snip*
As a final test, I used v1.1.1.1 of the ICF LDAP Connector (Bundled with 2.1.1) with OpenIDM 3.1.0 and the userPassword is still base64 encoded which points this to be an issue with the OpenIDM integration of OpenICF rather than with OpenICF itself.
- is related to
-
-
- Closed
-