如何通过 JNDI 检索 LDAP 密码

2022-01-17 00:00:00 passwords ldap java jndi

我可以通过 JNDI 读取存储在 LDAP 中的密码.但结果是一些乱码.那么如何解密呢?

I am able to read the password stored in LDAP via JNDI. But the result is some gibberish characters. So how do i decrypt it?

下面是我的代码:

public static void main(String[] args)
        {
            String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
            String MY_HOST = "ldap://KhooGP-Comp1:1389";
            String MGR_DN = "cn=Directory Manager";
            String MGR_PW = "password";
            String MY_SEARCHBASE = "dc=QuizPortal";
            String MY_FILTER = "uid=yiwei";
            String MY_ATTRS[] = {"cn", "uid", "sn", "userpassword"};

            //Identify service provider to use
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
            env.put(Context.PROVIDER_URL, MY_HOST);

            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
            env.put(Context.SECURITY_CREDENTIALS, MGR_PW);

            try
            {
                // Create the initial directory context
                InitialDirContext initialContext = new InitialDirContext(env);
                DirContext ctx = (DirContext)initialContext;

                System.out.println("Context Sucessfully Initialized");

                SearchControls constraints = new SearchControls();
                constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);

                NamingEnumeration results = ctx.search(MY_SEARCHBASE, MY_FILTER, constraints);

                while(results != null && results.hasMore())
                {
                    SearchResult sr = (SearchResult) results.next();
                    String dn = sr.getName() + "," + MY_SEARCHBASE;
                    System.out.println("Distinguished Name is " + dn);

                    Attributes ar = ctx.getAttributes(dn, MY_ATTRS);

                    if(ar == null)
                    {
                        System.out.println("Entry " + dn);
                        System.out.println(" has none of the specified attributes
");
                    }
                    else
                    {
                        for(int i=0; i<MY_ATTRS.length; i++)
                        {
                            Attribute attr = ar.get(MY_ATTRS[i]);
                            System.out.println(MY_ATTRS[i] + ":");

                            for(Enumeration vals=attr.getAll(); vals.hasMoreElements();)
                            {
                                System.out.println("	" + vals.nextElement());
                            }
                        }
                    }
                }
            }
            catch(Exception e)
            {
                System.err.println(e);
            }
    }

Below is the result:

    Distinguished Name is uid=yiwei,ou=Administrator,o=SID,dc=QuizPortal
    cn:
            yiwei huang
    uid:
            yiwei
    sn:
            huang
    userpassword:
            [B@1cd8669

有什么建议吗??非常感谢提前

Any advice?? Many thanks in advance

凯文

推荐答案

您所看到的 ([B@1cd8669) 是 Java 表示这是一个字节数组"的方式.

What you're seeing ([B@1cd8669) is Java's way of saying "this is a byte array".

存储的密码"很可能是真实密码的哈希或加密版本.根据定义,加密哈希是不可逆的,因此如果 LDAP 存储哈希,您将无法看到用户的密码.

The stored "password" is most likely either a hash of the real password or an encrypted version. Cryptographic hashes are, by definition, non-reversible so you will not be able to see what the user's password is if LDAP stores the hash.

如果它是加密的,那么如果你知道算法和密钥,那么解密就相当简单.BouncyCastle 是一个很棒的 Java 加密库,可用于解密密码.

If it's encrypted then if you know the algorithm and the key it's fairly simple to decrypt. BouncyCastle is a great Java crypto library you can use to decrypt the password.

基本上,您需要确切地知道您正在查看的内容,这取决于 LDAP 设置.

Basically, you need to know exactly what you're looking at, and that will depend on the LDAP setup.

相关文章