Patch #17368

Enable encrypted LDAP passwords with

Added by Marcus Schmid about 8 years ago. Updated about 5 years ago.

Status:NewStart date:
Priority:LowDue date:
Assignee:-% Done:


Category:SCM extra
Target version:-


The attached patch resolves Defect #10963; it enables extra/svn/ to decrypt passwords used for LDAP binding in case the Redmine database is encrypted using lib/redmine/ciphering.rb configured via database_cipher_key in config/configuration.yml.

It introduces a new apache configuration directive, RedmineDatabaseCipherKey, which must be set to the same database_cipher_key that's used in the config/configuration.yml of your redmine installation. Otherwise, won't be able to correctly decrypt ciphered LDAP passwords.

The modifications don't change the currently exposed behavior; without RedmineDatabaseCipherKey being set and/or with an unencrypted database no decryption will be performed, leaving the passwords as stored in the database.

Two additional perl modules must be installed to decrypt ciphered passwords: Crypt::CBC and MIME::Base64. If these modules are not available for, no decryption will be performed.

ciphered_ldap_passwords4Redmine_pm.diff Magnifier (2.66 KB) Marcus Schmid, 2014-07-02 16:44

Related issues

Related to Redmine - Defect #10963: Encrypting LDAP/Repos passwords on the database prevent ... Closed


#1 Updated by Toshi MARUYAMA about 8 years ago

  • Related to Defect #10963: Encrypting LDAP/Repos passwords on the database prevent LDAP Authentification on Repos/Apache from working added

#2 Updated by Toshi MARUYAMA about 8 years ago

#10963#note-6 has more description.

#3 Updated by Jonathan Tee over 7 years ago


#4 Updated by jonathan ferguson about 5 years ago

I am also running this patch in a major production environment with over 500 users. I encourage the redmine devs to evaluate it and admit it into the master branch.

Also available in: Atom PDF