Patch #17368
open
Enable encrypted LDAP passwords with Redmine.pm
0%
Description
The attached patch resolves Defect #10963; it enables extra/svn/Redmine.pm to decrypt passwords used for LDAP binding in case the Redmine database is encrypted using lib/redmine/ciphering.rb configured via database_cipher_key in config/configuration.yml.
It introduces a new apache configuration directive, RedmineDatabaseCipherKey, which must be set to the same database_cipher_key that's used in the config/configuration.yml of your redmine installation. Otherwise, Redmine.pm won't be able to correctly decrypt ciphered LDAP passwords.
The modifications don't change the currently exposed behavior; without RedmineDatabaseCipherKey being set and/or with an unencrypted database no decryption will be performed, leaving the passwords as stored in the database.
Two additional perl modules must be installed to decrypt ciphered passwords: Crypt::CBC and MIME::Base64. If these modules are not available for Redmine.pm, no decryption will be performed.
Files
Related issues
Updated by Toshi MARUYAMA over 10 years ago
- Related to Defect #10963: Encrypting LDAP/Repos passwords on the database prevent LDAP Authentification on Repos/Apache from working added
Updated by Toshi MARUYAMA over 10 years ago
FTR:
#10963#note-6 has more description.
Updated by
Updated by jonathan ferguson over 7 years ago
I am also running this patch in a major production environment with over 500 users. I encourage the redmine devs to evaluate it and admit it into the master branch.