Details

    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-M5 (2.0.0.v20130131), 2.0.0-M6 (2.0.0.v20130308)
    • Component/s: studio-ldapbrowser
    • Labels:
      None

      Description

      Tivoli Directory Server v6.3 supports SSHA2 as algorithm for the userPassword attribute. The Password editor cannot display the attribute correctly like for SSHA.

      Sample of possible value:

      {SSHA512}

      IQze6hxNHkz2h7GjrUBTBPlTrZvRyCSe76q6BpBc1pPAN5IZ0sS8o9Bj7VuFXbHdAe/tjB1mgdKLwzkVwDdNnrKNSRFxoApyTLhMkMHbwaVghVHkg56KppK/OPCrBQkrggemujHunvt025f9VaWnqOW6fIfuN5RLFlYVb5flDA4=

      In addition 256 and 384 Bit are also supported

      1. current_pwd.jpg
        46 kB
        Frank Brandt

        Issue Links

          Activity

          Hide
          Pierre-Arnaud Marcelot added a comment -

          Awesome!
          Many thanks for the confirmation.

          Show
          Pierre-Arnaud Marcelot added a comment - Awesome! Many thanks for the confirmation.
          Hide
          Frank Brandt added a comment -

          I retested with todays nightly build and now "Current Password" and "New Password" features are working as expected. Thanks for fixing...

          Show
          Frank Brandt added a comment - I retested with todays nightly build and now "Current Password" and "New Password" features are working as expected. Thanks for fixing...
          Hide
          Pierre-Arnaud Marcelot added a comment -

          Making a link with DIRSERVER-1849.

          Show
          Pierre-Arnaud Marcelot added a comment - Making a link with DIRSERVER-1849 .
          Hide
          Pierre-Arnaud Marcelot added a comment -

          Fixed at revision 1490334.

          http://svn.apache.org/r1490334

          Show
          Pierre-Arnaud Marcelot added a comment - Fixed at revision 1490334. http://svn.apache.org/r1490334
          Hide
          Pierre-Arnaud Marcelot added a comment -

          Ok, thanks for the confirmation.

          We'll then fix both ApacheDS and Apache Directory Studio to support the proper format (without dash).

          Show
          Pierre-Arnaud Marcelot added a comment - Ok, thanks for the confirmation. We'll then fix both ApacheDS and Apache Directory Studio to support the proper format (without dash).
          Hide
          Frank Brandt added a comment -

          I can confirm that there must be no dash in the prefix for Tivoli Directory Server.

          When i try to set a new password using ssha2 methods with Apache Directory Studio
          e.g.

          {SSHA-256}

          SeDG5z855WaMF/e3MhW+PWMtpYpp+oaRdkxmSZzvZKl7R8SraQr/6g==,

          {SSHA-384}

          cJtEaGQPc+TUyDagVh+T66twl3b0tTXLi/phpvJYMXxrxtbNS6Sv83bWydGDTmNdEH9fg5g8SVo= and

          {SSHA-512}

          Zgf4aVFhyri3LT/fs7wpbCxcKK+jMpuMzrSdIxIY9KDFL3YOaK8y9iBTQNOz3sXaWvW047HaUUEwmRnkfhYY0Ezb/nkVkrQg) Tivoli Directory Server wont let me save the new password.

          The same applies for the non-salted versions of the SHA2 algorithm you have added in this release.

          Show
          Frank Brandt added a comment - I can confirm that there must be no dash in the prefix for Tivoli Directory Server. When i try to set a new password using ssha2 methods with Apache Directory Studio e.g. {SSHA-256} SeDG5z855WaMF/e3MhW+PWMtpYpp+oaRdkxmSZzvZKl7R8SraQr/6g==, {SSHA-384} cJtEaGQPc+TUyDagVh+T66twl3b0tTXLi/phpvJYMXxrxtbNS6Sv83bWydGDTmNdEH9fg5g8SVo= and {SSHA-512} Zgf4aVFhyri3LT/fs7wpbCxcKK+jMpuMzrSdIxIY9KDFL3YOaK8y9iBTQNOz3sXaWvW047HaUUEwmRnkfhYY0Ezb/nkVkrQg) Tivoli Directory Server wont let me save the new password. The same applies for the non-salted versions of the SHA2 algorithm you have added in this release.
          Hide
          Pierre-Arnaud Marcelot added a comment -

          Thanks for taking a look.

          Looks like we did something wrong with the hash method prefix.
          I based the implementation of the editor on ApacheDS support for these mechanisms, which uses

          {ssha-256}

          ,

          {ssha-512}

          prefixes.

          Those prefixes appear to be wrong as it looks like there should be no dash ('-') in them.
          Could you confirm that?

          Show
          Pierre-Arnaud Marcelot added a comment - Thanks for taking a look. Looks like we did something wrong with the hash method prefix. I based the implementation of the editor on ApacheDS support for these mechanisms, which uses {ssha-256} , {ssha-512} prefixes. Those prefixes appear to be wrong as it looks like there should be no dash ('-') in them. Could you confirm that?
          Hide
          Frank Brandt added a comment - - edited

          The issue is fixed for setting a new password but showing the current password still shows "Unsupported hash method". (see screenshot) I am using Version: 2.0.0.v20130517

          Show
          Frank Brandt added a comment - - edited The issue is fixed for setting a new password but showing the current password still shows "Unsupported hash method". (see screenshot) I am using Version: 2.0.0.v20130517
          Hide
          Pierre-Arnaud Marcelot added a comment - - edited

          Fixed at revision 1459293.

          http://svn.apache.org/r1459293

          Support for SHA-256, SHA-384 & SHA-512 hashing mechanisms has been added.

          Show
          Pierre-Arnaud Marcelot added a comment - - edited Fixed at revision 1459293. http://svn.apache.org/r1459293 Support for SHA-256, SHA-384 & SHA-512 hashing mechanisms has been added.

            People

            • Assignee:
              Pierre-Arnaud Marcelot
              Reporter:
              Frank Brandt
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development