Create a Superuser Administrator for the DSA using different hashing Algorithm "SHA-256", "SHA-512", "SSHA-512"

Document ID : KB000016566
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

 

Create a Superuser Administrator Password for DSA using Advanced hash algorithm such as "SHA-256", "SHA-512", "SSHA-512" via JXplorer:

If I create a user in the directory using JXplorer and use "SHA" as the password hash method, then I can then perform a dxsearch or an ldapsearch using this user and password. However if I use any other password hash method (e.g. "SHA-256", "SHA-512", "SSHA-512"), then when I try to perform the exact same dxsearch or ldapsearch, then it fails with an error message of "invalid credentials".

Answer:

There is a known bug in JXplorer, that does not handle non SHA1 entries correctly and adds whitespace in the middle of the userPassword hash value:

https://communities.ca.com/message/241904039?commentID=241904039#comment-241904039

A workaround is :

1. Open Jxplorer, open a connection to the DSA

2. Select the 'User' -> go to "userPassword" attribute.

3. Change the hashing algorithm to use "SHA-512" or higher encryption algorithm

4. Go to "Advanced Editor" and remove whitespaces (in the middle of) in the "ldap value", click OK.

5. Submit.

6. Reconnect to JXplorer using the user credentials. (or) perform a dxsearch or an ldapsearch using this user and password.

Or an alternatively another LDAP client such as Apache DS could be used.