Reputation: 2265
In my LDAP directory I don't have an attribute called unicodePwd. All I have is userPassword.
I wrote Java to change the userPassword attribute. However, it is storing it as plain text.
For example, if I want my new password to be newpassword, LDAP stores it as newpassword and it doesn't hash it.
I can't authenticate with this password once it is changed.
Part of my code where I am doing this:
    String quotedPassword = "\"" + newPassword + "\"";
    byte[] newUnicodePassword = quotedPassword.getBytes("UTF-16LE");
    //String newpass = new String(pwdArray, "UTF8");
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", newUnicodePassword));
    // Perform the update
    ctx.modifyAttributes(userName, mods);
I changed this code so it passes a hashed password, but it is still not authenticating...
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.update(newPassword.getBytes("UTF-16LE"));
    byte byteData[] = md.digest();
    //convert the byte to hex format method 1
    StringBuffer sb = new StringBuffer();
    for (int i = 0; i < byteData.length; i++) {
        sb.append(Integer.toString((byteData[i] & 0xff) + 0x100, 16).substring(1));
    }
    //String newpass = new String(pwdArray, "UTF8");
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", sb.toString()));
    // Perform the update
    ctx.modifyAttributes(userName, mods);
Upvotes: 1
Views: 1885
Reputation: 11
You have to use an LDAP extended operation to do that so the server will handle it correctly. For details: http://www.rfc-editor.org/rfc/rfc3062.txt
Upvotes: 1
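The extended operation the answer points to (RFC 3062 Password Modify), written for JNDI as an added example that is not code from either poster: the client sends the new password in a BER-encoded request and the server stores it in whatever form its own configuration dictates. The class name PasswordModifyRequest and the change helper are hypothetical, and ctx is assumed to be an LdapContext already bound over LDAPS or StartTLS.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.naming.NamingException;
import javax.naming.ldap.ExtendedRequest;
import javax.naming.ldap.ExtendedResponse;
import javax.naming.ldap.LdapContext;

// Added example: RFC 3062 Password Modify request for JNDI. Class and method names are hypothetical.
public class PasswordModifyRequest implements ExtendedRequest {
    public static final String OID = "1.3.6.1.4.1.4203.1.11.1"; // passwdModifyOID (RFC 3062)
    private final byte[] value;
    // Any argument may be null; RFC 3062 makes all three fields optional.
    public PasswordModifyRequest(String userDn, String oldPassword, String newPassword) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        writeTlv(body, 0x80, userDn);      // userIdentity [0] OCTET STRING OPTIONAL
        writeTlv(body, 0x81, oldPassword); // oldPasswd    [1] OCTET STRING OPTIONAL
        writeTlv(body, 0x82, newPassword); // newPasswd    [2] OCTET STRING OPTIONAL
        ByteArrayOutputStream seq = new ByteArrayOutputStream();
        seq.write(0x30);                   // PasswdModifyRequestValue ::= SEQUENCE
        writeLength(seq, body.size());
        seq.write(body.toByteArray(), 0, body.size());
        value = seq.toByteArray();
    }
    private static void writeTlv(ByteArrayOutputStream out, int tag, String s) {
        if (s == null) return;             // optional field left out of the request
        byte[] b = s.getBytes(StandardCharsets.UTF_8);
        out.write(tag);
        writeLength(out, b.length);
        out.write(b, 0, b.length);
    }
    private static void writeLength(ByteArrayOutputStream out, int len) {
        if (len < 0x80) { out.write(len); return; }      // BER short form
        int n = len < 0x100 ? 1 : len < 0x10000 ? 2 : 3;  // BER long form, up to 3 length bytes
        out.write(0x80 | n);
        for (int i = n - 1; i >= 0; i--) out.write((len >> (8 * i)) & 0xff);
    }
    @Override public String getID() { return OID; }
    @Override public byte[] getEncodedValue() { return value.clone(); }
    @Override public ExtendedResponse createExtendedResponse(String id, byte[] ber, int off, int len) {
        final byte[] v = ber == null ? null : Arrays.copyOfRange(ber, off, off + len);
        return new ExtendedResponse() {    // raw response; may carry a server-generated password
            public String getID() { return id; }
            public byte[] getEncodedValue() { return v; }
        };
    }
    // The password travels in clear inside the request, so use a TLS-protected connection.
    // A rejected change (policy violation, wrong old password) surfaces as a NamingException.
    public static void change(LdapContext ctx, String dn, String oldPw, String newPw) throws NamingException {
        ctx.extendedOperation(new PasswordModifyRequest(dn, oldPw, newPw));
    }
}
```

The server must support the operation; servers that do list the OID above in the supportedExtension attribute of the root DSE.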