Active Directory authentication in liferay

Hi,

My client wants to know how the password for the active directory gets sent to the active directory host.
Is it seriazed, hashed or sent as plain text?

Thanks in advance

Hi Yolande,

Liferay gives you various methods of connecting to LDAP. Of course, the preferred method is BIND, which Liferay defaults to, and in that case, Liferay doesn't have to store the LDAP password in the database. For binding, encryption is provided by the com.sun.crypto.provider.SunJCE class. If you elect to use the password-compare method, Liferay offers many different algorithms you can choose:

ldap.auth.password.encryption.algorithm=BCRYPT
ldap.auth.password.encryption.algorithm=MD2
ldap.auth.password.encryption.algorithm=MD5
ldap.auth.password.encryption.algorithm=NONE
ldap.auth.password.encryption.algorithm=SHA
ldap.auth.password.encryption.algorithm=SHA-256
ldap.auth.password.encryption.algorithm=SHA-384
ldap.auth.password.encryption.algorithm=SSHA
ldap.auth.password.encryption.algorithm=UFC-CRYPT

Hope this helps!

--Rich

Hi Rich,

That was very helpful, but could you please explain the bind process?

Is this for the passwords for liferay users or for the configured LDAP connection?

My client is mainly concerned with the LDAP connection password(for the moment).

Thanks in advance
Yolande

Hi Yolande,

This all, of course, depends on how your LDAP directory is configured. If you're running LDAP unsecured (i.e., the ldap:// protocol), passwords are in the clear. If you're running LDAP secured (ldaps://), passwords are encrypted.

Instructions for connecting Liferay in a secure way to LDAP are in Liferay's documentation here, and it uses Active Directory as the example:

http://www.liferay.com/documentation/liferay-portal/6.0/administration/-/ai/global-server-settin-4

Hope this helps!

--Rich