How to validate a user's password in the Portal's LDAP?
I am writing some Java applications to query the Portal Server LDAP. I am
able to retrieve/update any field I want, but the password comes encrypted
so I am not able to know if a given password for a user is the right one.
This can be usefull, for example, for a SSO between external applications
and the Portal or for use the Portal LDAP to authenticad users registered in
the Portal to other applications, without the need of another user's
database.
I am using membership authentication in the Portal.
Please HELP!!!!
Thanks in advance
Rodrigo Ramirez
[629 byte] By [
708804] at [2007-11-25 4:31:20]
I don't know the specifics about the password field in iPlanet LDAP
server but the common way of comparing passwords using 'crypt' for
example is to take the password supplied by the user encrypt it using
the same function then compare the two encoded strings. If the encoded
strings are the same then the passwords are the same. Alternatively to
authenticate a password to an LDAP server you could try doing a BIND
using the username and password. If the bind fails the password is wrong
simple as that.
Rodrigo Ramirez wrote:
> I am writing some Java applications to query the Portal Server LDAP. I am
> able to retrieve/update any field I want, but the password comes encrypted
> so I am not able to know if a given password for a user is the right one.
> This can be usefull, for example, for a SSO between external applications
> and the Portal or for use the Portal LDAP to authenticad users registered in
> the Portal to other applications, without the need of another user's
> database.
>
> I am using membership authentication in the Portal.
>
> Please HELP!!!!
>
> Thanks in advance
>
> Rodrigo Ramirez
>
>
>
Guest at 2007-6-30 21:18:33 >
We are having the same problem.... except we use the LDAP authentication. One
way that I think that may work is during the portal login, grab the password
since it's the same Ldap password, store in a session, and later retrieve it.
After examing the login page, the login form posts to "/login/Ldap".Where
are the files stored? Do I need to write my own login provider to achieve this?
THanks,
Yi
Rodrigo Ramirez wrote:
> I am writing some Java applications to query the Portal Server LDAP. I am
> able to retrieve/update any field I want, but the password comes encrypted
> so I am not able to know if a given password for a user is the right one.
> This can be usefull, for example, for a SSO between external applications
> and the Portal or for use the Portal LDAP to authenticad users registered in
> the Portal to other applications, without the need of another user's
> database.
>
> I am using membership authentication in the Portal.
>
> Please HELP!!!!
>
> Thanks in advance
>
> Rodrigo Ramirez
708804 at 2007-6-30 21:18:33 >
