By: Jordan Hollinger user 15 Sep 2015 at 12:03 p.m. CDT

3 Responses
Jordan Hollinger gravatar
The LDAP server bundled with Gluu appears to support passwords in the SSHA-512 format. I'm able to set a password in that format with Apache Directory Studio, and Gluu recognizes it on login. But I need to generate the SSHA-512 passwords elsewhere (in Ruby), then push them to LDAP. (Don't ask - it's a necessary part of our migration path to LDAP/Gluu.) I've scoured the Web, but I can't find any examples of how to generate an LDAP-compatible SSHA-512 password in any language. Can anyone provide an example for doing this? Doesn't even have to be in Ruby - just some example in any language. Or if there's a more secure algorithm Gluu/OpenDJ supports I'd be glad to use it instead.

By Ganesh Dutt Sharma staff 15 Sep 2015 at 4:44 p.m. CDT

Ganesh Dutt Sharma gravatar
Hi Jordan, The best way should be to use the opendj's binary itself. Here is the example: ./encode-password -c 'cleartextpass' -s SSHA512 Encoded Password: "{SSHA512}XpvN0bcjmH7bzVwyqivnZgfEQRsIgog3FOI+5/2JWeOtpDm4V4wU0rP4tXnqB1LvlMaIL6E+dwuJNf3uSE9qpMBjgg/kZumn" encode-password binary exists in $OPENDJ_HOME/bin/ i.e /opt/opendj/bin or wherever you decide to install opendj. Further thoughts are welcome.

By Jordan Hollinger user 16 Sep 2015 at 10:15 a.m. CDT

Jordan Hollinger gravatar
That's not really an option as we have to do this at scale in production for awhile, to accomplish a graceful migration. But from your example I was able to track down the relevant Java code in Gluu's OpenDJ fork and port it to Ruby. Thanks! require 'securerandom' require 'digest/sha2' require 'base64' plaintext = ARGV[0] salt = SecureRandom.random_bytes(8) digest = Digest::SHA512.digest("#{plaintext}#{salt}") encoded = Base64.strict_encode64(digest salt) ssha512pw = "{ssha512}#{encoded}"

By Rassiel Rebustillo user 18 Jan 2016 at 7:10 p.m. CST

Rassiel Rebustillo gravatar
Hi Jordan, do you remember where you found that code? I need to do something similar using .NET.