Wednesday Apr 08, 2015

New OUD Source Code plugin examples

I've just published a couple of OUD plugin examples to help customers develop their own extensions.

The ZIP package includes 2 plugin examples to demonstrate the richness of OUD plugin API. The FilterDistributor can be used to route bind request to 2 different workflow elements based on a condition present on the user entry about to be used for authentication. The PasswordSchemeUpgrade  can be used to migrate passwords from one storage/encryption scheme to another.

Plugins examples are available at http://www.oracle.com/technetwork/middleware/id-mgmt/learnmore/oid-demos-182820.html

OUD Plugin API reference is available at http://docs.oracle.com/cd/E49437_01/apirefs.111220/e38583/index.html

OUD Plugin Developer Guide is available at http://docs.oracle.com/cd/E49437_01/doc.111220/e38455/toc.htm

Thursday Oct 03, 2013

Reusing passwords encoded with custom hash in OUD

Existing user passwords can be easily migrated to OUD as long as they are hashed with an algorithm supported OOTB by Oracle Unified Directory. The list of password storage schemes supported by OUD is available at http://docs.oracle.com/cd/E22289_01/html/821-1278/password-storage-scheme.html

In some situations, legacy passwords to be migrated are hashed with custom algorithms or old hash algorithms not supported by OUD.  The OUD Extensible Framework can be used to reuse these passwords and migrate them transparently to a new & configurable password storage scheme, without forcing users to change their password.

The proposed plugin intercepts bind requests and add pre&post processing to handle custom algorithm and migrate the password to a new scheme. Here is the high level algorithm:

§1. Plugin intercepts LDAP bind request as a pre-operation plugin

§2. Determine if the password stored in the user entry has a custom hash tag e.g {Custom}

§3a. If the entry has the custom hash, then hash the clear text password provided by the LDAP client using the custom password hash.

§3b. If the entry does not have the custom hash, the skip to step 6

§4. Compare the hashed value computed from the clear text password with the custom hash contained in the entry.

§5. If the hash compare matches, then replace the existing custom hashed password with the hash algorithm defined by the default password hash storage scheme.

§6. Then pass the bind through to OUD to bind.

§7. OUD will hash the clear text value using the default password hash storage scheme and compare with the value in the directory.

Step 6 always forwards the bind request to the OUD core server to make sure the password policy states are properly updates.

User passwords are migrated progressively over time to the new password storage scheme as users authenticate to the OUD directory. The plugin can them be desactivated when all the passwords have been migrated.


Thursday Feb 18, 2010

Browsing LDAP services from within Netbeans

Just to let you know that Allan Lykke Christensen has just released a new version of the LDAP explorer for Netbeans.
LDAP Explorer is a module for NetBeans providing a simple interface for browsing LDAP services from within NetBeans. 

You can download the latest release from the NetBeans Plugin Portal, http://plugins.netbeans.org/PluginPortal/faces/PluginDetailPage.jsp?pluginid=25684
More info on Allan's blog at http://blogs.i2m.dk/allan/

About


I am Sylvain Duloutre, I work as a Software Architect in the Oracle Directory Integration Team, the customer-facing part of Directory Services & Identity Management Product Development, working on Technical Field Enablement.

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

Search

Archives
« April 2015
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
  
       
Today