Crypto Support for LDAP Bind password

ClintLundmark

06-10-2020

We use LDAP for authentication to the Author server. After configuring LDAP, the bind password used by the user to authenticate to the LDAP server is in plain text in the repository. We were hoping to encrypt that password using Crypto Support but it does not seem to work.

We can encrypt using Web Console -> Main -> Crypto Support to come up with a hash. We replace the password with that hash in the OSGi node configuration. LDAP works fine until AEM is restarted. After the restart the LDAP bind is no longer successful and LDAP no longer works.

OSGi Config node:

/apps/system/config.author/org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider-<identifier>

bind.password = {hash}

In the error log it shows:
06.10.2020 14:26:03.313 *ERROR* [qtp889165464-1425] org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory unable to bind connection: 80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error, data 52e, v3839

I found an entry in this forum from 2015 that indicates the Crypto Support hash may not work with LDAP, but I am hopeful it has been resolved in the last 5 years.

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/using-hashed-password-for-...

AEM 6.4.8.2

...

clint
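
The error line quoted in the post is in the format Active Directory returns for a rejected bind, and its `data` field carries a sub-code that says why the bind was refused; `52e` means the submitted credentials were invalid. The following is an added example, not part of the original post and not Adobe or Jackrabbit code: a small triage script that decodes those lines from an AEM error log. The sub-code table lists the standard Active Directory values, the function names are hypothetical, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Sub-codes Active Directory places in the "data" field of a rejected bind.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the bind-failure line format quoted in the post.
BIND_FAILURE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) \*ERROR\* .*"
    r"unable to bind connection: (?P<code>[0-9A-Fa-f]{8}): LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: AcceptSecurityContext error, "
    r"data (?P<data>[0-9A-Fa-f]+),"
)

def parse_bind_failure(line):
    """Return the decoded fields of one bind-failure line, or None."""
    m = BIND_FAILURE.search(line)
    if m is None:
        return None
    sub = m.group("data").lower()
    return {"timestamp": m.group("ts"), "dsid": m.group("dsid"), "subcode": sub,
            "meaning": AD_BIND_SUBCODES.get(sub, "unknown sub-code")}

def summarize(lines):
    """Count bind failures by cause, so a rejected password (52e) can be
    told apart from a lockout (775) that can follow repeated failed binds."""
    return Counter(f["meaning"] for f in map(parse_bind_failure, lines) if f)

SAMPLE_LOG = [
    # Line quoted in the post.
    "06.10.2020 14:26:03.313 *ERROR* [qtp889165464-1425] org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory unable to bind connection: 80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error, data 52e, v3839",
    # Constructed lines for illustration.
    "06.10.2020 14:31:10.002 *ERROR* [qtp889165464-1430] org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory unable to bind connection: 80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error, data 775, v3839",
    "06.10.2020 14:31:11.000 *INFO* [qtp889165464-1431] some.other.Logger unrelated message",
]

if __name__ == "__main__":
    for cause, count in summarize(SAMPLE_LOG).items():
        print(f"{count} x {cause}")
```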

Accepted Solutions (0)

Answers (0)