Hi,
On Mon, Sep 14, 2009 at 15:02, Olivier Texier <[email protected]> wrote:
> Hi,
>
> I have a question about LDAP authentication.
> In our enterprise, the user password field is encrypted in the LDAP server.
> For example userPassword field may be *{MD5}FF34...* or
> *{crypt}DgxGD...*That seems to be a standard way of storing passwords
> in a LDAP server (I am
> not absolutely sure, but I was told).
>
> The problem is that the XWikiLDAPConnection.checkPassword() method seems to
This method is used only if the property
"xwiki.authentication.ldap.validate_password" is enabled (and it's
disabled by default), which should almost never append. This option is
enabled only if you have a configuration where you want to use as
password something which is not supposed to be a password for the LDAP
server.
By default the user/pass is validated using the standard LDAP bind
command which takes a user and a password. In this case the server is
supposed to handle itself the hashing to compare the password since
the client does not have the stored password.
> always compare the content of this field with the clear password which has
> been given by the user, in the web login form. Seeing {MD5}, the wiki code
> should encode the user password in MD5 and compare it with ldap attribute.
> The comparison shouldn't be done in clear text.
>
> Is there a configuration option, a workaround, a way to circumvent it ? I
> simply can't go to my IT departement and say : "hey guys, can you put the
> password in clear text and change all our infrastructure for the wiki
> authentication to work ?"
>
> Is the only solution I see is to hack the xwiki code. Is it true ? I have no
> much time to make it, and it will be very difficult to sell this option to
> my bosses.
>
> Thank you for all your work anyway. Xwiki is a truly great tool.
>
> Olivier
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/users
>
--
Thomas Mortagne
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users
