[horde] Patch - New "Encryption" type added to framework Auth.php for MS Active Directory unicodePwd encoding.

[LRM]

Jan,

Trying to follow your suggestion of using String::convertCharset, the
following issue arises:

http://support.microsoft.com/default.aspx?scid=kb;en-us;263991

According to MS, the encoded "newPassword" (with double quotes, another
requirement for the unicodePwd vaule) is equal to the following encoded
string:

IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=

So,

$plaintext = 'newPassword';

$encrypted = '"' . $plaintext . '"';
$encrypted = mb_convert_encoding($encrypted, "UTF-16LE", "ISO-8859-1");
$encrypted = base64_encode($encrypted);

Result encoded: IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=

Using mb_convert_encoding with those parameters returns an identical encoded
string as MS example.

But,

$encrypted = '"' . $plaintext . '"';
$encrypted = String::convertCharset($encrypted, "ISO-8859-1", "UTF-16LE");
$encrypted = base64_encode($encrypted);

Result Encoded: IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgB4

Using your suggested String::convertCharset returns a different encoded
string.

Any suggestions/toughts?

Regards

LRM

-----Original Message-----
From: horde-bounces at lists.horde.org [mailto:horde-bounces at lists.horde.org]
On Behalf Of Jan Schneider
Sent: Monday, May 03, 2004 5:14 AM
To: horde at lists.horde.org
Subject: Re: [horde] Patch - New "Encryption" type added to
frameworkAuth.php for MS Active Directory unicodePwd encoding.

Zitat von LRM <lrm at ionline.com.br>:

> HEAD - Added a new "encryption" type to Auth.php - "msad" - which is
useful
> to convert plaintext into Microsoft's unique encoding used on AD
attributes
> like the unicodePwd.
>
>
>
> I needed this for the passwd patch I'm working on trying to make Horde
> change users passwords on Active Directory. Produces same encoded strings
as
> seen on MS articles about the subject.
>
>
>
> Please lemme know any issues/suggestions/etc.

Looks good, but please use String::convertCharset() for the charset
conversion.

Jan.