Redmine

Yes, Redmine.pm can not work when using password encryption in the database.

As we encountered the same problem last week, we modified Redmine.pm (see attached patch file) so that it can -- if necessary -- decrypt the password used for binding to LDAP, using the same logic/process as redmine's own lib/redmine/ciphering.rb (i.e. decrypting values only when there's a key set and the text is encrypted).

We introduced a new apache configuration directive, RedmineDatabaseCipherKey, which must be set to the same database_cipher_key that's used in your config/configuration.yml of your redmine installation. Otherwise, Redmine.pm won't be able to correctly decrypt ciphered LDAP passwords.

The modifications don't change the currently exposed behavior; without RedmineDatabaseCipherKey being set and/or with an unencrypted database no decryption will be performed, leaving the passwords as stored in the database.

Nonetheless two new dependencies are introduced by these modifications: Crypt::CBC and MIME::Base64 are needed to handle the ciphered database contents; maybe these could be handled like the already present dependency on Authen::Simple::LDAP (using e.g. $CanUseCiphering), but that was out of our scope (which was, simply put, "get encrypted LDAP passwords to work").