Project

General

Profile

Actions

Patch #17368

open

Enable encrypted LDAP passwords with Redmine.pm

Added by Marcus Schmid over 9 years ago. Updated over 6 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
SCM extra
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

The attached patch resolves Defect #10963; it enables extra/svn/Redmine.pm to decrypt passwords used for LDAP binding in case the Redmine database is encrypted using lib/redmine/ciphering.rb configured via database_cipher_key in config/configuration.yml.

It introduces a new apache configuration directive, RedmineDatabaseCipherKey, which must be set to the same database_cipher_key that's used in the config/configuration.yml of your redmine installation. Otherwise, Redmine.pm won't be able to correctly decrypt ciphered LDAP passwords.

The modifications don't change the currently exposed behavior; without RedmineDatabaseCipherKey being set and/or with an unencrypted database no decryption will be performed, leaving the passwords as stored in the database.

Two additional perl modules must be installed to decrypt ciphered passwords: Crypt::CBC and MIME::Base64. If these modules are not available for Redmine.pm, no decryption will be performed.


Files


Related issues

Related to Redmine - Defect #10963: Encrypting LDAP/Repos passwords on the database prevent LDAP Authentification on Repos/Apache from workingClosed

Actions
Actions #1

Updated by Toshi MARUYAMA over 9 years ago

  • Related to Defect #10963: Encrypting LDAP/Repos passwords on the database prevent LDAP Authentification on Repos/Apache from working added
Actions #2

Updated by Toshi MARUYAMA over 9 years ago

FTR:
#10963#note-6 has more description.

Actions #3

Updated by Jonathan Tee almost 9 years ago

+1

Actions #4

Updated by jonathan ferguson over 6 years ago

I am also running this patch in a major production environment with over 500 users. I encourage the redmine devs to evaluate it and admit it into the master branch.

Actions

Also available in: Atom PDF