
I'm using the Java code below to verify...


01 Jun 2003


Q.

I'm using the Java code below to verify a user's password against eDirectory (NetWare 6, LDAP v3 for Novell eDirectory 8.6.2 Version 10350.12 26 February 2003). I have found out that certain characters (e.g. European characters such as a ring and also some more generic characters such as *) in the password are causing password verify failures, even though the password itself works correctly with other authentication methods. How should I handle these special characters?

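import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;

public static synchronized boolean testPasswordLDAP(String LDAPusername, String password)
{
   //Hashtable for environmental information
   Hashtable env = new Hashtable();
   DirContext ctx;

   boolean returnValue = false;

   env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
   env.put(Context.PROVIDER_URL,"ldap://127.0.0.1");

   try {
      ctx = new InitialDirContext(env);
   }
   catch (Exception e) {
      return false;
      //System.out.println(e.getExplanation());
   }

   // The password is concatenated into the filter as-is, so it is parsed as filter text
   String searchFilter ="(userPassword=" + password +")";

   SearchControls constraints = new SearchControls();

   // Search only the user's own entry and return no attributes
   constraints.setSearchScope(SearchControls.OBJECT_SCOPE);
   constraints.setReturningAttributes(new String[0]);

   try{
      NamingEnumeration results = ctx.search(LDAPusername,
            searchFilter,constraints);

      if(results.hasMore())
      {
         // If the code gets here the authentication was successful
         returnValue = true;
      }
      results.close();
   }
   // Any exception, including an invalid search filter, is swallowed here
   // and reported to the caller as a failed verify
   catch(Exception e){}
   finally{
      try{
         ctx.close();
      }
      catch (Exception e) {}
   }

   return returnValue;
}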

A.

When I tested a password using "*" or "(", I got an invalid filter exception, because while it ultimately performs a password compare, it's starting out as a search filter, and you must conform to RFC 2254. So for a password that looks like "novell(", I can use "novell\28" which is the escaped hex value of the "(" character.

The international characters may be a bit different, depending on how you have created the passwords. If you created the passwords through an LDAP client, LDIF, etc., they were stored as UTF-8 characters and RFC 2254 use of UTF-8 escaped characters should work for you. Some Novell tools, such as ConsoleOne, unfortunately use a local codepage when setting the characters. This will cause a problem when using UTF-8 characters in the search. This is slated for resolution in the next release.

* Originally published in Novell AppNotes
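
The RFC 2254 escaping described in the answer, as an added example that is not part of the original AppNotes text or Novell's code: the helper turns "novell(" into "novell\28" and writes non-ASCII characters as escaped UTF-8 bytes. The class name, method name and sample passwords are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;

public class Rfc2254Escape {

    // Escape a value for use inside an LDAP search filter (RFC 2254).
    // The value is encoded as UTF-8 first; every byte that is filter syntax
    // (* ( ) \), NUL, or non-ASCII is written as a backslash plus two hex digits.
    static String escapeFilterValue(String value) {
        byte[] utf8 = value.getBytes(StandardCharsets.UTF_8);
        StringBuilder out = new StringBuilder(utf8.length * 3);
        for (byte raw : utf8) {
            int b = raw & 0xFF;
            boolean special = b == '*' || b == '(' || b == ')' || b == '\\' || b == 0;
            if (special || b >= 0x80) {
                out.append('\\').append(String.format("%02x", b));
            } else {
                out.append((char) b);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample passwords, not taken from any real directory.
        String[] samples = { "novell(", "pa*s\\word", "bl\u00e5b\u00e6r" };
        for (String password : samples) {
            // Same filter shape as the question, with the value escaped first.
            String filter = "(userPassword=" + escapeFilterValue(password) + ")";
            System.out.println(filter);
        }
    }
}
```

JNDI can also do this escaping itself: the `DirContext.search(name, "(userPassword={0})", new Object[]{password}, constraints)` overload escapes string arguments according to RFC 2254. Neither approach helps when the stored password was written in a local codepage rather than UTF-8, as the answer notes for ConsoleOne.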

