Modifying the UserMappingCryptoLDAP sample file (Java programming language)

To implement the security methods that the LDAP server uses, modify functions that encrypt, decrypt, encode, and decode remote passwords.

About this task

Because encryption methods must be secret and unique, this task specifies the sections and functions to modify. You customize the code to implement the security methods that your LDAP server uses.

To modify the security functions in the UserMappingCryptoLDAP file:

Procedure

  1. Open the UserMappingCryptoLDAP.java file with a text editor.
  2. Below the IBM® copyright and legal disclaimer, import the packages that your code will reference.
    The sample plug-in uses the javax.crypto and javax.crypto.spec Java™ packages, which provide the classes for the cipher (encrypting and decrypting), as well as the key and algorithm parameters. Replace these Java packages with your own.
  3. Update the following functions:
    public UserMappingCryptoLDAP()
    Replace the code for the cipher with the code for the cipher that matches the password encryption that your LDAP server uses.
    public byte[] encrypt(byte[] plainValue)
    This function provides the code that encrypts the passwords so that they can be stored on the LDAP server. This function also encrypts the LDAP connection password that is stored in the configuration file.

    Replace the code for this function with your own code that encrypts the plainValue parameter.

    public byte[] decrypt(byte[] encryptedValue)
    Replace the code for this function with your own code that decrypts the encryptedValue parameter.
    private SecretKey getKey()

    Replace the code for this function with the code to provide the plug-in with the key that is used to encrypt and decrypt your passwords.

    public byte[] decode(String string)
    The passwords are first encrypted and then encoded. This function provides the code for decoding the passwords before the passwords are decrypted. The encrypted passwords are encoded to transform the binary output of the encrypted password into ASCII characters.

    Replace the code for this function with your own code that decodes the string parameter.

    public String encode(byte[] bytes)
    The passwords are first encrypted and then encoded. This function provides the code for encoding the binary output of the encrypted passwords. The encrypted passwords are encoded to transform the binary output of the encrypted password into ASCII characters.

    Replace the code for this function with your own code that encodes the bytes parameter.