> I'm thinking the only password that might be allowed to be clear should be the admin password.
Now you have a double standard. Added complexity in the authentication code. I think it *should* be hard to reset the admin password, teach you not to forget it in the first place, we charge our users five dollars for a password reset ;-) I don't suppose I'm the only one to load a res.users.csv with the admin and some other user data in it. Also various backups lying around. I'm going to have to be a lot more careful with all these files if they have a clear admin password in them. -- You received this bug notification because you are a member of C2C OERPScenario, which is subscribed to the OpenERP Project Group. https://bugs.launchpad.net/bugs/738721 Title: base_crypt and users_ldap don't work together Status in OpenERP Modules (addons): Confirmed Bug description: I installed and configured users_ldap so that all of my users can login using their credentials stored in OpenLDAP, which worked fine. Then I installed base_crypt (with the intention of all other passwords in the db, for non-ldap-users like 'admin') being encrypted. However, this prevents all LDAP users from logging in. I suppose that base_crypt tries to authenticate the user and if this fails, login fails, without users_ldap trying to authenticate. I think this behaviour should be changed towards: 1. Check whether user can login using the (possibly encrypted) password in the database. 2. If not, check whether user can login using the LDAP password. 3. If now, refuse access. Right now, the second step seems to be omitted when base_crypt is used. _______________________________________________ Mailing list: https://launchpad.net/~c2c-oerpscenario Post to : [email protected] Unsubscribe : https://launchpad.net/~c2c-oerpscenario More help : https://help.launchpad.net/ListHelp
