Dear Olivier,
I am in the exact same situation, and I am unable to make it work.
From this mailing list archive you can understand that xwiki requires
a plain text login through secure channel between xwiki and ldap if
I'm correct. I am stuck for months with this because my ldap server
won't be change for this :-(
Best regards,
Christophe
Le 14 sept. 09 à 15:02, Olivier Texier a écrit :
> Hi,
>
> I have a question about LDAP authentication.
> In our enterprise, the user password field is encrypted in the LDAP
> server.
> For example userPassword field may be *{MD5}FF34...* or
> *{crypt}DgxGD...*That seems to be a standard way of storing passwords
> in a LDAP server (I am
> not absolutely sure, but I was told).
>
> The problem is that the XWikiLDAPConnection.checkPassword() method
> seems to
> always compare the content of this field with the clear password
> which has
> been given by the user, in the web login form. Seeing {MD5}, the
> wiki code
> should encode the user password in MD5 and compare it with ldap
> attribute.
> The comparison shouldn't be done in clear text.
>
> Is there a configuration option, a workaround, a way to circumvent
> it ? I
> simply can't go to my IT departement and say : "hey guys, can you
> put the
> password in clear text and change all our infrastructure for the wiki
> authentication to work ?"
>
> Is the only solution I see is to hack the xwiki code. Is it true ? I
> have no
> much time to make it, and it will be very difficult to sell this
> option to
> my bosses.
>
> Thank you for all your work anyway. Xwiki is a truly great tool.
>
> Olivier
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users
