Embedded LDAP server LdapAuth3: support hashed passwords (sha1, sha-256) Note that none of the currently supported hash are safe against brute force attacks. If ldapFilter property does not contain any occurrence of "${password}", the user DN found via the filter expression will be authenticated via a regular LDAP bind operation, using the entered password. In this case, with embedded LDAP server, but probably also with others, hashed passwords are supported and make sense. Change-Id: I725832a2faa484623edcebeeeb727b23b6186de2

commit: 30925d8af8acfd3586446cbae9da11130e844884 [log] [tgz]
author: Marc Kupietz <kupietz@ids-mannheim.de> Fri May 06 15:33:52 2022 +0200
committer: Marc Kupietz <kupietz@ids-mannheim.de> Sat May 14 15:56:40 2022 +0200
tree: 20119802fc7b9cf5a80edf6f8f421561d006bf84
parent: 9a1188e33fe7f3226efae5437c7798dceffffb79 [diff]
diff --git a/full/src/test/resources/test-embedded-ldap-users.ldif b/full/src/test/resources/test-embedded-ldap-users.ldif
new file mode 100644
index 0000000..8760df9
--- /dev/null
+++ b/full/src/test/resources/test-embedded-ldap-users.ldif

@@ -0,0 +1,46 @@
+dn: dc=example,dc=com
+dc: example
+ou: people
+objectClass: dcObject
+objectClass: organizationalUnit
+
+dn: ou=people,dc=example,dc=com
+ou: people
+objectClass: organizationalUnit
+
+dn: uid=user,ou=people,dc=example,dc=com
+cn: user
+uid: user
+mail: user@example.com
+userPassword: {BASE64}cGFzc3dvcmQ=
+
+dn: uid=user1,ou=people,dc=example,dc=com
+cn: user1
+uid: user1
+mail: user1@example.com
+userPassword: {CLEAR}password1
+
+dn: uid=user2,ou=people,dc=example,dc=com
+cn: user2
+uid: user2
+mail: user2@example.com
+userPassword: password2
+
+dn: uid=user3,ou=people,dc=example,dc=com
+cn: user3
+uid: user3
+mail: user3@example.com
+userPassword: {SHA}ERnP037iRzV+A0oI2ETuol9v0g8=
+
+dn: uid=user4,ou=people,dc=example,dc=com
+cn: user4
+uid: user4
+mail: user4@example.com
+userPassword: {SHA256}uXhzpA9zq+3Y1oWnzV5fheSpz7g+rCaIZkCggThQEis=
+
+dn: uid=user5,ou=people,dc=example,dc=com
+cn: user5
+uid: user5
+mail: user5@example.com
+userPassword: {PBKDF2-SHA256}26PFrg++/nI8YOiHum5MyAMp0HdqKMNOcLpY5RuO2bY=
+

diff --git a/full/src/test/resources/test-embedded-ldap.conf b/full/src/test/resources/test-embedded-ldap.conf
new file mode 100644
index 0000000..fb9e079
--- /dev/null
+++ b/full/src/test/resources/test-embedded-ldap.conf

@@ -0,0 +1,10 @@
+# default and sample configuration for an automatically starting
+# embedded LDAP server
+host=localhost
+port=3267
+searchBase=dc=example,dc=com
+sLoginDN=cn=admin,dc=example,dc=com
+pwd=admin
+searchFilter=(uid=${login})
+useEmbeddedServer=true
+ldifFile=src/test/resources/test-embedded-ldap-users.ldif
commit	30925d8af8acfd3586446cbae9da11130e844884	[log] [tgz]
author	Marc Kupietz <kupietz@ids-mannheim.de>	Fri May 06 15:33:52 2022 +0200
committer	Marc Kupietz <kupietz@ids-mannheim.de>	Sat May 14 15:56:40 2022 +0200
tree	20119802fc7b9cf5a80edf6f8f421561d006bf84
parent	9a1188e33fe7f3226efae5437c7798dceffffb79 [diff]