On Mon, Mar 9, 2009 at 11:47, Christophe GRAVIER <christophe.grav...@telecom-st-etienne.fr> wrote: > Dear XWiki users, > > I have been looking for authenticating my xwiki users against a LDAP > directory (OpenLdap, debian box), where the userPassword field is > encrypted using the SHA algorithm. > > Unfortunately, I am not able to configure xwiki to encrypt the > password entered by the user before the authentication and > authorization process. > > I receive the following snip, after enabling ldap logging in a custom > log4j.properties file as indicated in the doc: > com.xpn.xwiki.XWikiException: Error number 8001 in 8: LDAP > authentication failed: could not validate the password: wrong password > for uid=gravier.christophe,ou=xxx,o=yyyy,c=fr > > The configuration is nevertheless good in overall, because I can log > in if I store my password as plain text binary in my LDAP server (but > I don't want it to be plain text in the LDAP server of course...). > > I have been searching the documentation, FAQ and user/dev mailing > lists, and I only found encryption related to cookie storage, or SHA > encryption for xwiki-webdav module > (http://xwiki.markmail.org/message/k2r2qqu2twjputml?q=ldap+SHA > ) developpers' thoughts. > > Does someone have any clue on how to configure xwiki for encrypted > userPassword stored in OpenLDAP please ? >
I guess sent password encrypted to LDAP server would be the best for security but anyway it's generally LDAP server work to encrypt received password, not client. I have password in my LDAP server (ApacheDS) stored encrypted and it works perfectly (it's even how I always used it). I don't know OpenLDAP very well but it should have some way to have encrypted password in the database even if the client sent not encrypted password. > Thank you in advance for any information in this matter ! > > Best Regards, > > Ch. Gravier > > -- > Dr.-Ing. Christophe Gravier > DIOM laboratory - http://diom.telecom-st-etienne.fr/ > TELECOM Saint-Étienne (formerly "Istase") - http://www.telecom-st-etienne.fr/ > > Jabber ID : gravier.christo...@jabber.istase.com > Homepage: http://diom.telecom-st-etienne.com/public/cgravier/ > Research project: http://diom.istase.fr/satin/einst/ > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users