Description
from IRC:
file: core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
method: public LdapPrincipal authenticate( BindOperationContext bindContext )
you can see a code block starting with:
// Short circuit for PLAIN TEXT passwords : we compare the byte array directly
// Are the passwords equal ?
if ( Arrays.equals( credentials, storedPassword ) )
i think you should move this block to the algorithm == null case some lines below
the test case would be:
1) store a password with any hashed algorithm.
2) base64 decode it.
3) use the result to bind to the ldap server