+1 to remove that option. - Dave
On Sat, Aug 2, 2014 at 12:24 PM, Glen Mazza <glen.ma...@gmail.com> wrote: > Hi team, we have a "users.sso.passwords.save" parameter in our > roller.properties defined as follows: > > # If you don't want user credentials from LDAP to be stored in Roller > # (possibly in clear-text) leave this alone, otherwise set to true. > # i.e. you would like a backup auth mechanism in case LDAP is down. > users.sso.passwords.save=false > > Our security.xml does not support a fallback mechanism to rollerdb if LDAP > is down, I doubt anyone wants to code that, and I'd rather we not be > duplicating LDAP passwords within the Roller database anyway. It's a > security issue to store passwords in multiple places, plus companies > normally require LDAP passwords to be changed every couple of months or so, > causing the LDAP passwords being stored in Roller to fall out of sync. > > If a company's LDAP server is down they'll have bigger problems than their > blog server, and if they want to use LDAP they should have a backup > solution already in place in case their LDAP server goes down. WDYT? > > Regards, > Glen >
