Support password hashing in LDAP

Question

Support password hashing in LDAP

GhostLee opened this issue 2 years ago · comments

sometime we don't save plaintext password in LDAP Server, so support password hashing is very useful, input a plaintext password, convert it into hashed password and compare with LDAP password field output the check result.

casbin-bot · Answer 1 · Thu Feb 17 2022 17:03:55 GMT+0800 (China Standard Time)

@Steve0x2a @seriouszyx @Abingcbc @ComradeProgrammer

James Horton · Answer 2 · Fri Feb 18 2022 08:18:34 GMT+0800 (China Standard Time)

and the attribute should be configurated

Yang Luo · Answer 3 · Fri Feb 18 2022 14:20:35 GMT+0800 (China Standard Time)

@seriouszyx

Yixiang Zhao · Answer 4 · Fri Feb 18 2022 14:29:20 GMT+0800 (China Standard Time)

@GhostLee We will add support for multiple password types as soon as possible. For configurable attributes, we plan to do this during the implementation of LDAP in the syncers.

Yixiang Zhao · Answer 5 · Sun Feb 20 2022 18:15:49 GMT+0800 (China Standard Time)

@GhostLee I found that there is no relationship between the password type of Casdoor and the LDAP server. I sent the password entered by the user to the LDAP server using a bind request and the authentication all passed regardless of the LDAP password type. On the contrary, if I encrypt the password in Casdoor, it will not pass.

My environment is Apache Directory Studio 2.0.0.

Yang Luo · Answer 6 · Sat Mar 12 2022 21:06:14 GMT+0800 (China Standard Time)

@GhostLee Casdoor always sends plain password to your LDAP server via LDAP protocol. So it's your LDAP server to decide whether to hash the password. It's not a Casdoor issue.