Is it possible to store Hashed data in a different field than userPassword in LDAP

1

1

I've been asked to store hashed data in an LDAP server. Storing hashed passwords is easy, but I'm not sure if LDAP allows storing data like an email address hashed or even encrypted.

Creating an LDIF file with a string "{MD5}contents" gives me no errors, but I don't know how to retrieve this information once it's stored.

Any help?

F.D.F.

Posted 2012-09-17T12:40:58.567

Reputation: 111

The LDAP server needs to be aware of hashed passwords because it must be able to recompute the hash to authenticate users with it. Unless your LDAP server needs to do blind validation of said email field, why would it have to care about hashing? That should be handled by the application. – b0fh – 2012-09-21T17:13:40.640

Answers

0

Data can be stored in any format that is allowed by the attribute description. The userPassword and authPassword syntaxes are described in RFC 3112. How the directory server stores data varies according to the data and the attribute description in the schema, but there is no reason why data cannot be stored in any format that is allowed by the attribute description. Depending on the data, the server might base64-encode the data, but that's irrelevant as far as the client is concerned.

Terry Gardner

Posted 2012-09-17T12:40:58.567

Reputation: 827
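As an added example (not part of the question or the answer above), the following Python shows what the application side would do with a "{SCHEME}base64" value stored in an arbitrary attribute: build the value, emit the LDIF line for it, and later verify a candidate against it after reading the attribute back. The attribute name mailHash and the sample email address are constructed for the example; only the {MD5} and {SSHA} schemes are handled.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Note for the email case: an unsalted {MD5} of a low-entropy value such as an
# address is trivially reversed with a dictionary of known addresses; the salted
# {SSHA} form at least forces per-value work. Neither is reversible by the
# server, so the application must keep verifying by recomputation, as below.

def make_hashed_value(plaintext: bytes, scheme: str = "SSHA",
                      salt: Optional[bytes] = None) -> str:
    """Return an RFC 2307-style '{SCHEME}base64(...)' string for any attribute."""
    scheme = scheme.upper()
    if scheme == "MD5":
        return "{MD5}" + base64.b64encode(hashlib.md5(plaintext).digest()).decode("ascii")
    if scheme == "SSHA":
        salt = os.urandom(8) if salt is None else salt        # salt is appended after the digest
        digest = hashlib.sha1(plaintext + salt).digest()
        return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")
    raise ValueError(f"unsupported scheme {scheme!r}")

def verify_hashed_value(stored: str, candidate: bytes) -> bool:
    """Recompute the hash of 'candidate' and compare it with the stored value."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("value is not in '{SCHEME}...' form")
    scheme, encoded = stored[1:].split("}", 1)
    raw = base64.b64decode(encoded)
    scheme = scheme.upper()
    if scheme == "MD5":
        return hmac.compare_digest(raw, hashlib.md5(candidate).digest())
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]                     # SHA-1 digest is 20 bytes
        return hmac.compare_digest(digest, hashlib.sha1(candidate + salt).digest())
    raise ValueError(f"unsupported scheme {scheme!r}")

def ldif_attribute_line(name: str, value: str) -> str:
    """Emit 'name: value', or 'name:: base64' when the value is not an LDIF SAFE-STRING (RFC 2849)."""
    safe = (bool(value) and value.isascii() and value[0] not in " :<"
            and not any(c in value for c in "\x00\r\n"))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

if __name__ == "__main__":
    email = b"alice@example.com"                              # constructed sample value
    stored = make_hashed_value(email, "SSHA")
    print(ldif_attribute_line("mailHash", stored))            # hypothetical attribute name
    print(verify_hashed_value(stored, email), verify_hashed_value(stored, b"bob@example.com"))
```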