如何通过JNDI检索LDAP密码 [英] How to retrieve LDAP password via JNDI

问题描述

我可以通过JNDI读取存储在LDAP中的密码。但结果是一些胡言乱语的人物。那我该怎么解密呢？

I am able to read the password stored in LDAP via JNDI. But the result is some gibberish characters. So how do i decrypt it?

以下是我的代码：

public static void main(String[] args)
        {
            String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
            String MY_HOST = "ldap://KhooGP-Comp1:1389";
            String MGR_DN = "cn=Directory Manager";
            String MGR_PW = "password";
            String MY_SEARCHBASE = "dc=QuizPortal";
            String MY_FILTER = "uid=yiwei";
            String MY_ATTRS[] = {"cn", "uid", "sn", "userpassword"};

            //Identify service provider to use
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
            env.put(Context.PROVIDER_URL, MY_HOST);

            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
            env.put(Context.SECURITY_CREDENTIALS, MGR_PW);

            try
            {
                // Create the initial directory context
                InitialDirContext initialContext = new InitialDirContext(env);
                DirContext ctx = (DirContext)initialContext;

                System.out.println("Context Sucessfully Initialized");

                SearchControls constraints = new SearchControls();
                constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);

                NamingEnumeration results = ctx.search(MY_SEARCHBASE, MY_FILTER, constraints);

                while(results != null && results.hasMore())
                {
                    SearchResult sr = (SearchResult) results.next();
                    String dn = sr.getName() + "," + MY_SEARCHBASE;
                    System.out.println("Distinguished Name is " + dn);

                    Attributes ar = ctx.getAttributes(dn, MY_ATTRS);

                    if(ar == null)
                    {
                        System.out.println("Entry " + dn);
                        System.out.println(" has none of the specified attributes\n");
                    }
                    else
                    {
                        for(int i=0; i<MY_ATTRS.length; i++)
                        {
                            Attribute attr = ar.get(MY_ATTRS[i]);
                            System.out.println(MY_ATTRS[i] + ":");

                            for(Enumeration vals=attr.getAll(); vals.hasMoreElements();)
                            {
                                System.out.println("\t" + vals.nextElement());
                            }
                        }
                    }
                }
            }
            catch(Exception e)
            {
                System.err.println(e);
            }
    }

Below is the result:

    Distinguished Name is uid=yiwei,ou=Administrator,o=SID,dc=QuizPortal
    cn:
            yiwei huang
    uid:
            yiwei
    sn:
            huang
    userpassword:
            [B@1cd8669

任何建议？非常感谢提前

Any advice?? Many thanks in advance

凯文

推荐答案

你所看到的（[B @ 1cd8669]是Java的说法这是一个字节数组。

What you're seeing ([B@1cd8669) is Java's way of saying "this is a byte array".

存储的密码很可能是真实密码的哈希值或加密版本。根据定义，加密哈希值是不可逆的，因此如果LDAP存储哈希值，您将无法看到用户密码是什么。

The stored "password" is most likely either a hash of the real password or an encrypted version. Cryptographic hashes are, by definition, non-reversible so you will not be able to see what the user's password is if LDAP stores the hash.

如果它已加密，那么如果你知道算法和密钥解密起来相当简单。 BouncyCastle 是一个很棒的Java加密库，可用于解密密码。

If it's encrypted then if you know the algorithm and the key it's fairly simple to decrypt. BouncyCastle is a great Java crypto library you can use to decrypt the password.

基本上，您需要准确了解您正在查看的内容，这取决于LDAP设置。

Basically, you need to know exactly what you're looking at, and that will depend on the LDAP setup.

这篇关于如何通过JNDI检索LDAP密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！