I am using OpenLDAP to store user information. The user entry is an inetOrgPerson object. I use Apache Directory Studio to add userPassword with the SSHA-512 hash method.
How can I verify the user's input password against the password stored in LDAP in my Java application?
- Consider not providing a pre-encoded password to the directory server - this prevents the server from checking password quality and managing password history. Transmit the password in clear-text using a secure connection. Configure the server to only accept secure connections or to reject operations other than StartTLS on a non-secure connection.
- The LDAP BIND operation is used to change the authorization state of a connection. The LDAP client transmits a BIND request to the server, the server then matches the provided credentials with the credentials stored in the user entry and, if successful, changes the authorization state of the connection.
Read an example using the UnboundID LDAP SDK.
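
The BIND-based check described in the answer, as an added example (not code from the original post or from the UnboundID project). The host, port, base DN, trust store path, the `uid` naming attribute and the class name `LdapPasswordCheck` are assumptions; adjust them to your directory layout.

```java
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.RDN;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;

public final class LdapPasswordCheck {
    // Assumed deployment values; replace with your own.
    static final String HOST = "ldap.example.com";
    static final int PORT = 389;
    static final String PEOPLE_BASE = "ou=people,dc=example,dc=com";
    static final String TRUST_STORE = "/path/to/truststore.jks";

    /** Returns true only if the server accepts a simple BIND as this user. */
    public static boolean verify(String uid, String password) throws Exception {
        // An empty password turns a simple BIND into an unauthenticated bind
        // (RFC 4513 section 5.1.2), which a server may accept. Reject it locally.
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        // RDN/DN escape special characters in uid, so input cannot alter the DN structure.
        DN userDn = new DN(new RDN("uid", uid), new DN(PEOPLE_BASE));

        SSLUtil ssl = new SSLUtil(new TrustStoreTrustManager(TRUST_STORE));
        try (LDAPConnection conn = new LDAPConnection(HOST, PORT)) {
            // Upgrade to TLS before any credentials are sent.
            ExtendedResult tls = conn.processExtendedOperation(
                    new StartTLSExtendedRequest(ssl.createSSLContext()));
            if (!ResultCode.SUCCESS.equals(tls.getResultCode())) {
                throw new LDAPException(tls);
            }
            // The server compares the clear-text password with the stored
            // SSHA-512 value; the client never reads userPassword.
            conn.bind(userDn.toString(), password);
            return true;
        } catch (LDAPException e) {
            if (ResultCode.INVALID_CREDENTIALS.equals(e.getResultCode())) {
                return false; // wrong password or unknown user
            }
            throw e; // connection, TLS or server errors are not "wrong password"
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(verify(args[0], args[1]) ? "accepted" : "rejected");
    }
}
```

Only `INVALID_CREDENTIALS` is mapped to a failed login; every other error is rethrown so that an outage or TLS failure is not silently reported as a bad password.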