[MGNLLDAP-11] credentials need to be encrypted for LDAP user authentication Created: 27/Apr/07  Updated: 09/Jun/11  Resolved: 09/Jun/11

Status: Closed
Project: LDAP Connector
Component/s: None
Affects Version/s: 1.0-rc3
Fix Version/s: 1.2

Type: Improvement Priority: Major
Reporter: Yuanhua Qu Assignee: Unassigned
Resolution: Outdated Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows XP
Red Hat Linux
Tomcat 5.0.28
jdk1.5.0_08



 Description   

Well, we still have one security concern for LDAP user authentication. That is, when user credentials were sent to the LDAP server, they were not encrypted in the bind request and can clearly be seen across the network. Is there any solution for this?



 Comments   
Comment by Sameer Charles [ 27/Apr/07 ]

I think it's possible to use MD5 Digest over SASL, but I have to investigate further on this.

Comment by Sameer Charles [ 27/Apr/07 ]

OK, it seems to work.
I will not add this by default but rather make it configurable, so you can choose the encryption depending upon the LDAP version your server uses.

Moved it to fix version 1.0 so it will be released together with the Magnolia 3.1 release.

Comment by Sameer Charles [ 03/May/07 ]

You can configure the level of security using the java.naming.security.authentication attribute in the LDAP map file.

Values supported by the Sun service provider:

  • none
  • simple (plain text)
  • DIGEST-MD5
  • EXTERNAL (custom)
  • GSSAPI (Kerberos V5)

OR

You can configure SSL using java.naming.security.protocol=ssl (Please note that in the case of SSL you need to install the server certificate in your JRE database)
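
An added example, not part of the original comment or the LDAP Connector's code: a small Java check that takes the JNDI environment properties named above and reports whether the bind password would be visible on the network. It assumes the map file entries are handed to JNDI as standard environment properties; the class name, host and account are hypothetical.

```java
import java.util.Locale;
import java.util.Properties;
import javax.naming.Context;

public class LdapBindAudit {

    /** Reports what an observer on the network path would see during the bind. */
    static String classify(Properties env) {
        String url = env.getProperty(Context.PROVIDER_URL, "").toLowerCase(Locale.ROOT);
        String protocol = env.getProperty(Context.SECURITY_PROTOCOL, "");
        String auth = env.getProperty(Context.SECURITY_AUTHENTICATION);
        // JNDI LDAP provider default: "simple" if credentials are supplied, else "none".
        if (auth == null) {
            auth = env.containsKey(Context.SECURITY_CREDENTIALS) ? "simple" : "none";
        }
        boolean tls = protocol.equalsIgnoreCase("ssl") || url.startsWith("ldaps://");
        if (tls) {
            return "OK: SSL connection, bind (" + auth + ") is encrypted in transit";
        }
        switch (auth.trim().toUpperCase(Locale.ROOT)) {
            case "NONE":
                return "INFO: anonymous bind, no credentials sent";
            case "SIMPLE":
                return "FAIL: simple bind without SSL, password is sent in plain text";
            case "DIGEST-MD5":
            case "GSSAPI":
                return "OK: SASL " + auth + ", password is not sent in the bind request";
            default: // EXTERNAL or anything else relies on setup outside these properties
                return "REVIEW: mechanism '" + auth + "' depends on external setup";
        }
    }

    private static Properties env(String... kv) {
        Properties p = new Properties();
        for (int i = 0; i < kv.length; i += 2) p.setProperty(kv[i], kv[i + 1]);
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample configurations; the host and password are placeholders.
        String url = "ldap://ldap.example.org:389", pw = "placeholder";
        String A = Context.SECURITY_AUTHENTICATION, U = Context.PROVIDER_URL;
        String C = Context.SECURITY_CREDENTIALS, S = Context.SECURITY_PROTOCOL;
        System.out.println(classify(env(U, url, C, pw)));                     // FAIL
        System.out.println(classify(env(U, url, C, pw, A, "simple")));        // FAIL
        System.out.println(classify(env(U, url, C, pw, A, "DIGEST-MD5")));    // OK
        System.out.println(classify(env(U, url, C, pw, A, "simple", S, "ssl"))); // OK
        System.out.println(classify(env(U, url, A, "EXTERNAL")));             // REVIEW
    }
}
```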

Comment by Yuanhua Qu [ 08/May/07 ]

Great. Since we are integrating LDAP with our Magnolia into our production, please kindly advise me of the new LDAP jar file and map file I should grab to test in our environment.

Comment by Magnolia International [ 09/Jun/11 ]

Was addressed with 1.0 already.
