Feature #30
Method in AD library to encode a password
| Status: | Closed | Start: | 10/02/2009 |
|---|---|---|---|
| Priority: | High | Due date: | |
| Assigned to: | Jonathan Clarke | % Done: | 50% |
| Category: | Core | | |
| Target version: | 1.1.0 | Estimated time: | 4.00 hours |
Description
AD passwords are stored in the write-only attribute unicodePwd. The value to write in LDAP consists of the UTF-8 encoded string "\"secret\"" (the quotes are encoded in the string!).
AD library must have a method to do this automatically. It's easy once you know :)
Related issues
| related to Bug #55: AD password encoding doesn't support non-ASCII characters | New | 01/06/2009 |
Associated revisions
fixes #30 - use UTF-16LE encoding to encode unicodePwd values
History
Updated by Clément Oudot over 1 year ago
Hello,
Found a cool link with Java code to encode unicodePwd:
http://alextch.members.winisp.net/ResetADPasswordFromJava/SetADPasswordFromJava.htm
A little copy/paste should close this feature ticket ;)
Updated by Jonathan Clarke over 1 year ago
- Status changed from Assigned to Feedback
- % Done changed from 0 to 50
Clément,
I've implemented a method for this. AD.getUnicodePwd("cleartextpassword") just committed.
Can you try this? I don't have time to set up a full demo here, and I know you have one available. Let me know how it goes!
Updated by Clément Oudot over 1 year ago
This works with "simple" passwords (like "changeit") but when using special characters (like "à", "é", "ô"), the entry is added but we cannot authenticate with the submitted password.
Updated by Sébastien Bahloul over 1 year ago
- Estimated time set to 4.00
Updated by Thomas Chemineau about 1 year ago
- Status changed from Feedback to Assigned
I have done many tests with Active Directory password synchronization.
I found that if a password contains special characters (like "é", "à", etc.) and LSC says that password modification succeeded, we cannot authenticate with this new password. In fact, the old one is still valid :/
It may be a wrong charset used to encode the password. Default charset on Windows systems is CP1252.
Updated by Jonathan Clarke about 1 year ago
- Status changed from Assigned to Closed
This feature has been implemented. See http://lsc-project.org/wiki/documentation/configuration/syncoptions/activedirectory#managing_password.
There is still a bug using this feature with non-ASCII characters! See bug #51, which is targeted for version 1.1.1, to avoid blocking 1.1.0 on this.
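
The associated revision encodes unicodePwd values as UTF-16LE, and the comments above report that ASCII passwords worked while accented ones did not. The following Java program is an added example, not code from LSC or from the linked page: the class and method names are hypothetical, and `zeroPadded` is a constructed faulty encoder for comparison, not a diagnosis of the bug discussed here. It encodes the quoted password as UTF-16LE and checks where a byte-padding encoder agrees with it and where it diverges.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example: class and method names are hypothetical, not LSC's AD API.
public class UnicodePwdExample {

    /** unicodePwd value: the password wrapped in double quotes, as UTF-16LE bytes. */
    static byte[] encodeUnicodePwd(String clearText) {
        return ("\"" + clearText + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /**
     * Constructed faulty encoder (an assumption for illustration): encodes with a
     * byte-oriented charset, then pads every byte with 0x00 to look like UTF-16LE.
     */
    static byte[] zeroPadded(String clearText, Charset cs) {
        byte[] narrow = ("\"" + clearText + "\"").getBytes(cs);
        byte[] wide = new byte[narrow.length * 2]; // odd indexes stay 0x00
        for (int i = 0; i < narrow.length; i++) {
            wide[2 * i] = narrow[i];
        }
        return wide;
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x ", b & 0xff));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed sample passwords: ASCII only, one with e-acute (U+00E9),
        // one with the euro sign (U+20AC). Escapes keep this source file ASCII.
        Charset[] narrowCharsets = {StandardCharsets.UTF_8, Charset.forName("windows-1252")};
        for (String pwd : new String[] {"changeit", "s\u00e9cret", "pass\u20ac"}) {
            byte[] good = encodeUnicodePwd(pwd);
            System.out.println(pwd + " -> " + hex(good));
            for (Charset cs : narrowCharsets) {
                boolean same = Arrays.equals(good, zeroPadded(pwd, cs));
                System.out.println("  zero-padded " + cs.name() + " matches UTF-16LE: " + same);
            }
        }
    }
}
```

Active Directory accepts writes to unicodePwd only over an encrypted connection such as LDAPS, so the encoded bytes are sent that way.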