Support password hashing in LDAP

Question

Support password hashing in LDAP

GhostLee opened this issue 2 years ago · 6 comments

sometime we don't save plaintext password in LDAP Server, so support password hashing is very useful, input a plaintext password, convert it into hashed password and compare with LDAP password field output the check result.

Answer 1 · 2022-02-17T09:03:55.000Z

@Steve0x2a @seriouszyx @Abingcbc @ComradeProgrammer

Answer 2 · 2022-02-18T00:18:34.000Z

and the attribute should be configurated

Answer 3 · 2022-02-18T06:20:35.000Z

@seriouszyx

Answer 4 · 2022-02-18T06:29:20.000Z

@GhostLee We will add support for multiple password types as soon as possible. For configurable attributes, we plan to do this during the implementation of LDAP in the syncers.

Answer 5 · 2022-02-20T10:15:49.000Z

@GhostLee I found that there is no relationship between the password type of Casdoor and the LDAP server. I sent the password entered by the user to the LDAP server using a bind request and the authentication all passed regardless of the LDAP password type. On the contrary, if I encrypt the password in Casdoor, it will not pass.

My environment is Apache Directory Studio 2.0.0.

Answer 6 · 2022-03-12T13:06:14.000Z

@GhostLee Casdoor always sends plain password to your LDAP server via LDAP protocol. So it's your LDAP server to decide whether to hash the password. It's not a Casdoor issue.