Patch #17368

Enable encrypted LDAP passwords with Redmine.pm

Added by Marcus Schmid over 3 years ago. Updated 4 months ago.

Status:NewStart date:
Priority:LowDue date:
Assignee:-% Done:

0%

Category:SCM extra
Target version:-

Description

The attached patch resolves Defect #10963; it enables extra/svn/Redmine.pm to decrypt passwords used for LDAP binding in case the Redmine database is encrypted using lib/redmine/ciphering.rb configured via database_cipher_key in config/configuration.yml.

It introduces a new apache configuration directive, RedmineDatabaseCipherKey, which must be set to the same database_cipher_key that's used in the config/configuration.yml of your redmine installation. Otherwise, Redmine.pm won't be able to correctly decrypt ciphered LDAP passwords.

The modifications don't change the currently exposed behavior; without RedmineDatabaseCipherKey being set and/or with an unencrypted database no decryption will be performed, leaving the passwords as stored in the database.

Two additional perl modules must be installed to decrypt ciphered passwords: Crypt::CBC and MIME::Base64. If these modules are not available for Redmine.pm, no decryption will be performed.

ciphered_ldap_passwords4Redmine_pm.diff Magnifier (2.66 KB) Marcus Schmid, 2014-07-02 16:44


Related issues

Related to Redmine - Defect #10963: Encrypting LDAP/Repos passwords on the database prevent ... Closed

History

#1 Updated by Toshi MARUYAMA over 3 years ago

  • Related to Defect #10963: Encrypting LDAP/Repos passwords on the database prevent LDAP Authentification on Repos/Apache from working added

#2 Updated by Toshi MARUYAMA about 3 years ago

FTR:
#10963#note-6 has more description.

#3 Updated by Jonathan Tee over 2 years ago

+1

#4 Updated by jonathan ferguson 4 months ago

I am also running this patch in a major production environment with over 500 users. I encourage the redmine devs to evaluate it and admit it into the master branch.

Also available in: Atom PDF