Defect #33978
open 
    
  Redmine.pm shall decrypt LDAP bind password
0%
Related issues
       Updated by Anonymous about 5 years ago
      Updated by Anonymous about 5 years ago
      
    
    Redmine saves LDAP bind password on the table auth_sources with encryption by AES-256-CBC. Redmine itself is aware of the encryption and read out it with decryption.
On the other hand, Redmine.pm is reading the relational database directly without decryption and fails to bind LDAP and finally fails to authenticate Subversion access.
       Updated by Anonymous about 5 years ago
      Updated by Anonymous about 5 years ago
      
    
    There is no way to read out cipher_key setting from config/configuration.yml from perl and then it is difficult to integrate Redmine.pm to Redmine.
       Updated by Go MAEDA about 5 years ago
      Updated by Go MAEDA about 5 years ago
      
    
    - Tracker changed from Feature to Defect
- Category changed from Accounts / authentication to SCM extra
- Status changed from New to Confirmed
- Affected version set to 1.2.0
       Updated by Go MAEDA about 5 years ago
      Updated by Go MAEDA about 5 years ago
      
    
    - Related to Feature #7411: Option to cipher LDAP ans SCM passwords stored in the database added
       Updated by Go MAEDA about 5 years ago
      Updated by Go MAEDA about 5 years ago
      
    
    徹 原口 wrote:
There is no way to read out cipher_key setting from config/configuration.yml from perl and then it is difficult to integrate Redmine.pm to Redmine.
Maybe Redmine.pm should support a new directive such as RedmineDbCiperKey.
       Updated by Anonymous about 5 years ago
      Updated by Anonymous about 5 years ago
      
    
    Since our company changed LDAP service to require bind and the old one will be ceased at 9/30, some work around is needed.
       Updated by Anonymous about 5 years ago
      Updated by Anonymous about 5 years ago
      
    
    Will somebody insist a best ciphering lib for perl?
       Updated by Anonymous about 5 years ago
      Updated by Anonymous about 5 years ago
      
    
    Oh, there was.
https://metacpan.org/pod/Crypt::Cipher::AES
       Updated by Anonymous about 5 years ago
      Updated by Anonymous about 5 years ago
      
    
    As an workaround, I will make the password constant in Redmine.pm so far. Please resolve this contradiction in near future.