0

I've been asked to store hashed data in an LDAP server. Putting in hashed passwords is easy, but I'm not sure if LDAP allows storing data like an email address hashed or even encrypted.

Creating an LDIF file with a string "{MD5}contents" gives me no errors, but I don't know how to retrieve this information once it's stored.

Any help?

F3RD3F
    Do you know how to retrieve *any* data from LDAP? Retrieving some field with hashed data is in no way different than retrieving any other kind of data. You read it, store it into a variable and use this variable however you need. – Sven Sep 17 '12 at 13:00

1 Answer

4

There is no magic here - you can store hashed data in any text field, you just need to hash the data before it goes to the server (most LDAP servers will helpfully hash passwords for you if they appear to be plaintext - that's not done for you with other text field types).

Similarly you can store encrypted data in any text field (provided it can be represented as text) - Just encrypt it before you put it in, and decrypt it after you take it out.


A Note on Nomenclature:

A one-way hash (what we do to passwords) is NOT the same as reversible encryption (what we do to data, for example with SSL).
With one-way hashes you (theoretically) can't ever get the data back again. If you store an MD5 hash of an email address you can verify that the user has provided the same email address later (because the hashes will match), but you can't tell them what the email address they gave you was based on the hash.

voretaq7
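The flow the answer describes (hash on the client, store the result as ordinary text, re-hash later to verify), as an added Python example that is not part of the original answer. The DN, the `description` attribute, the key and the `{X-HMAC-SHA256}` tag are constructed for illustration; the keyed variant goes beyond the MD5 case in the text, since an unkeyed hash of a guessable value such as an email address can be matched against a list of guesses.

```python
import base64
import hashlib
import hmac

# Constructed sample values; DN, attribute and key are assumptions for illustration.
SAMPLE_DN = "uid=jdoe,ou=people,dc=example,dc=com"
SAMPLE_ATTR = "description"
SAMPLE_KEY = b"constructed-demo-key"  # hypothetical secret kept outside the directory


def normalize(email: str) -> bytes:
    """Hashes only match on identical bytes, so canonicalize before hashing."""
    return email.strip().lower().encode("utf-8")


def md5_value(email: str) -> str:
    """The '{MD5}' form from the question: scheme tag + base64 of the raw digest."""
    digest = hashlib.md5(normalize(email)).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def keyed_value(email: str, key: bytes) -> str:
    """Keyed variant (HMAC-SHA-256). The tag is made up here, not an LDAP scheme."""
    digest = hmac.new(key, normalize(email), hashlib.sha256).digest()
    return "{X-HMAC-SHA256}" + base64.b64encode(digest).decode("ascii")


def matches(stored: str, candidate: str, key: bytes = b"") -> bool:
    """Re-hash the candidate and compare it with the value read back from LDAP."""
    if stored.startswith("{MD5}"):
        expected = md5_value(candidate)
    elif stored.startswith("{X-HMAC-SHA256}"):
        expected = keyed_value(candidate, key)
    else:
        return False  # unknown scheme tag: refuse rather than guess
    return hmac.compare_digest(stored.encode(), expected.encode())


def ldif_entry(dn: str, attr: str, value: str) -> str:
    """LDIF 'modify' record that stores the pre-hashed value as plain text."""
    return f"dn: {dn}\nchangetype: modify\nadd: {attr}\n{attr}: {value}\n"


if __name__ == "__main__":
    print(ldif_entry(SAMPLE_DN, SAMPLE_ATTR, md5_value("Jane.Doe@Example.com")))
```

Reading the value back is an ordinary search on that attribute; the string returned is what `matches()` takes as `stored`.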