[MGNLLDAP-11] credentials need to be encrypted for LDAP user authentication Created: 27/Apr/07 Updated: 09/Jun/11 Resolved: 09/Jun/11 |
|
| Status: | Closed |
| Project: | LDAP Connector |
| Component/s: | None |
| Affects Version/s: | 1.0-rc3 |
| Fix Version/s: | 1.2 |
| Type: | Improvement | Priority: | Major |
| Reporter: | Yuanhua Qu | Assignee: | Unassigned |
| Resolution: | Outdated | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
window xp |
||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Date of First Response: |
| Description |
|
Well, we still have one security concern for LDAP user authentification. That is when user credentials were sent to LDAP server, they were not encrypted in the bind request and can clearly be seen accross the network. Is there any solution for this? |
| Comments |
| Comment by Sameer Charles [ 27/Apr/07 ] |
|
I think its possible to use MD5 Digest over SASL but I have to investigate further on this. |
| Comment by Sameer Charles [ 27/Apr/07 ] |
|
ok, it seems to work. Moved it to fix version 1.0 so it will be released together with magnolia 3.1 release. |
| Comment by Sameer Charles [ 03/May/07 ] |
|
You can configure the level of security using java.naming.security.authentication attribute in LDAP map file Values supported by sun service provider :
OR You can configure SSL using java.naming.security.protocol=ssl (Please note that in case of ssl you need to install server |
| Comment by Yuanhua Qu [ 08/May/07 ] |
|
Great. Since we are integrating LDAP with our magnolia into our production, please kindly advise me the new ldap jar file and map file I should grab to test in our environment. |
| Comment by Magnolia International [ 09/Jun/11 ] |
|
was addressed with 1.0 already. |