Hi,
On Mon, Sep 14, 2009 at 15:02, Olivier Texier <olivier.texier(a)gmail.com> wrote:
> Hi,
> I have a question about LDAP authentication.
> In our enterprise, the user password field is encrypted in the LDAP server.
> For example userPassword field may be *{MD5}FF34...* or
> *{crypt}DgxGD...* That seems to be a standard way of storing passwords
> in an LDAP server (I am
> not absolutely sure, but I was told).
> The problem is that the XWikiLDAPConnection.checkPassword() method seems to

This method is used only if the property
"xwiki.authentication.ldap.validate_password" is enabled (and it's
disabled by default), which should almost never happen. This option is
enabled only if you have a configuration where you want to use as
password something which is not supposed to be a password for the LDAP
server.
By default the user/pass is validated using the standard LDAP bind
command which takes a user and a password. In this case the server is
supposed to handle the hashing itself to compare the password since
the client does not have the stored password.

> always compare the content of this field with the
> clear password which has
> been given by the user, in the web login form. Seeing {MD5}, the wiki code
> should encode the user password in MD5 and compare it with ldap attribute.
> The comparison shouldn't be done in clear text.
> Is there a configuration option, a workaround, a way to circumvent it? I
> simply can't go to my IT department and say: "hey guys, can you put the
> password in clear text and change all our infrastructure for the wiki
> authentication to work?"
> The only solution I see is to hack the XWiki code. Is it true? I do not
> have much time to do it, and it will be very difficult to sell this option to
> my bosses.
> Thank you for all your work anyway. XWiki is a truly great tool.
> Olivier
> _______________________________________________
> users mailing list
> users(a)xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne
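
The following is an added example, not part of the thread and not XWiki code. It shows why comparing the typed password with the raw userPassword attribute fails for a `{MD5}` value, and what a scheme-aware comparison (the work the directory server does itself on a bind) looks like. It goes beyond the two schemes named in the thread by also covering `{SHA}` and the salted `{SMD5}`/`{SSHA}` forms; `{crypt}` is reported as unsupported. All function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Digest used by each scheme and whether a salt is appended after the digest.
SCHEMES = {"MD5": ("md5", False), "SHA": ("sha1", False),
           "SMD5": ("md5", True), "SSHA": ("sha1", True)}


def encode(scheme, password, salt=b""):
    """Build a userPassword value (used here only to construct sample data)."""
    algo, _ = SCHEMES[scheme]
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def naive_check(typed, stored):
    """The comparison the question describes: typed password vs raw attribute."""
    return typed == stored


def scheme_aware_check(typed, stored):
    """Hash the typed password as the {SCHEME} prefix dictates, then compare."""
    if not stored.startswith("{") or "}" not in stored:
        # No scheme prefix: the attribute holds the password itself.
        return hmac.compare_digest(typed.encode(), stored.encode())
    scheme, _, b64 = stored[1:].partition("}")
    if scheme.upper() not in SCHEMES:
        # e.g. {crypt} needs the platform crypt(3); report it instead of guessing.
        raise ValueError("unsupported scheme: " + scheme)
    algo, salted = SCHEMES[scheme.upper()]
    raw = base64.b64decode(b64)
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or (salt and not salted):
        return False  # truncated value, or trailing bytes on an unsalted scheme
    expected = hashlib.new(algo, typed.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)


# Constructed sample entries (not values from the thread).
SAMPLE_MD5 = encode("MD5", "s3cret")
SAMPLE_SSHA = encode("SSHA", "s3cret", salt=b"\x01\x02\x03\x04")
```

With the default bind-based validation none of this runs on the client: the typed password goes to the server in the bind request and the server performs the equivalent comparison against its stored value.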