
List:       perl-ldap-dev
Subject:    Re: Newbie Question: How to check passwords stored in LDAP
From:       Chris Ridd <chrisridd () mac ! com>
Date:       2005-04-06 12:17:48
Message-ID: BE7991FC.A5ACC%chrisridd () mac ! com

On 6/4/05 9:48 am, Johannes Kilian <jok@vitronic.com> wrote:

> Hi there,
> 
> I'm a Newbie to ldap and perl ldap.
> 
> I want to force a user to log in to my (perl) application using ldap
> authentication.
> I succeeded doing a search on all persons in our LDAP-Directory.
> 
> My question is:
> 
> How can I check the password the user gave to my application against the
> password stored in the LDAP-Directory?

You should ask the directory server to check the password, either by doing a
bind operation as the user, or a compare operation on the user's entry.

> Concerning security issues:
> * (Off topic) What's the best way of getting a password in an ENCODED way
> into my perl app?

What do you mean by encoded?

> * Do I get an encoded or decoded password from LDAP? I would prefer if I
> sent my encoded passwords to LDAP, LDAP decodes the sent password and
> compares my password to the stored password, and just tells me, whether
> the sent password is valid ...

Does your server store hashed passwords (e.g. {md5}, {ssha})? If it does, then
because hashing is a one-way algorithm you will only ever be able to
retrieve the hashed value. Assuming you have permissions to read the
appropriate password attribute of course... (You do not usually have to have
read permission on a password for binds and compares to work.)

> Any help welcome ...
> 
> Johannes
> 
> 
> 
> 

Cheers,

Chris
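
The bind approach described in the reply above, as an added example that is not part of the original message: it looks up the user's DN, then asks the server to verify the password by binding as that user. The host name, base DN, `uid` login attribute, the helper name `check_password`, and a server that permits anonymous searches and StartTLS are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed values for illustration; replace with your directory's settings.
my $LDAP_URI = 'ldap://ldap.example.com';
my $BASE_DN  = 'ou=people,dc=example,dc=com';

# Returns the user's DN if the server accepts the password, undef otherwise.
sub check_password {
    my ($uid, $password) = @_;

    # A bind with a DN and an empty password is an "unauthenticated bind"
    # (RFC 4513); many servers report success for it, so reject it here.
    return undef unless defined $uid      && length $uid;
    return undef unless defined $password && length $password;

    my $ldap = Net::LDAP->new($LDAP_URI) or die "connect failed: $@";

    # Protect the password in transit and verify the server certificate.
    my $tls = $ldap->start_tls(verify => 'require');
    die 'StartTLS failed: ' . $tls->error if $tls->code;

    # Anonymous search to map the login name to a DN. The user input is
    # escaped so it cannot alter the search filter.
    my $search = $ldap->search(
        base   => $BASE_DN,
        filter => '(uid=' . escape_filter_value($uid) . ')',
        attrs  => ['1.1'],    # request no attributes, only the DN
    );
    die 'search failed: ' . $search->error if $search->code;
    if ($search->count != 1) { $ldap->unbind; return undef; }  # unknown or ambiguous
    my $dn = $search->entry(0)->dn;

    # The server checks the password; the stored hash is never read.
    my $bind = $ldap->bind($dn, password => $password);
    $ldap->unbind;
    return $bind->code ? undef : $dn;
}

# Minimal driver; terminal echo is not disabled in this sketch.
print "Login: ";
chomp(my $uid = <STDIN> // '');
print "Password: ";
chomp(my $pw = <STDIN> // '');
print check_password($uid, $pw) ? "authenticated\n" : "login failed\n";
```

The application needs no read access to the password attribute for this to work, which matches the point about binds and compares made in the reply.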

