Removing the user's password from UnboundId LDAP search results

Question

Using ApacheDS, I can do DefaultDirectoryService#setPasswordHidden to ensure that when I make LDAP queries, the records that come back remove the userPassword attribute from the result set.

How would I achieve the same using UnboundId, say with InMemoryDirectoryServer?

score 1 · Answer 1 · answered Oct 25 '18 at 19:31

I was able to achieve this by creating my own InMemoryOperationInterceptor:

static class PasswordRemovingOperationInterceptor 
    extends InMemoryOperationInterceptor {

    @Override
    public void processSearchEntry(InMemoryInterceptedSearchEntry entry) {
        if (!entry.getRequest().getAttributeList().contains("userPassword")) {
            if (entry.getSearchEntry().getAttribute("userPassword") != null) {
                Entry old = entry.getSearchEntry();
                Collection<Attribute> attributes = old.getAttributes().stream()
                    .filter(attribute -> 
                        !"userPassword".equals(attribute.getName()))
                    .collect(Collectors.toList());
                Entry withoutPassword = new Entry(old.getDN(), attributes);
                entry.setSearchEntry(withoutPassword);
            }
        }
    }
}

And then adding this to the startup configuration:

InMemoryDirectoryServerConfig config = ...;
config.addInMemoryOperationInterceptor(new PasswordRemovingOperationInterceptor());

Is there a more elegant way, though?

Removing the user's password from UnboundId LDAP search results

1 Answers1