Vote #75359
未完了Enable encrypted LDAP passwords with Redmine.pm
0%
説明
The attached patch resolves Defect #10963; it enables @extra/svn/Redmine.pm@ to decrypt passwords used for LDAP binding in case the Redmine database is encrypted using @lib/redmine/ciphering.rb@ configured via @database_cipher_key@ in @config/configuration.yml@.
It introduces a new apache configuration directive, @RedmineDatabaseCipherKey@, which must be set to the same @database_cipher_key@ that's used in the @config/configuration.yml@ of your redmine installation. Otherwise, @Redmine.pm@ won't be able to correctly decrypt ciphered LDAP passwords.
The modifications don't change the currently exposed behavior; without @RedmineDatabaseCipherKey@ being set and/or with an unencrypted database no decryption will be performed, leaving the passwords as stored in the database.
Two additional perl modules must be installed to decrypt ciphered passwords: @Crypt::CBC@ and @MIME::Base64@. If these modules are not available for @Redmine.pm@, no decryption will be performed.
journals
--------------------------------------------------------------------------------
FTR:
#10963#note-6 has more description.
--------------------------------------------------------------------------------
+1
--------------------------------------------------------------------------------
I am also running this patch in a major production environment with over 500 users. I encourage the redmine devs to evaluate it and admit it into the master branch.
--------------------------------------------------------------------------------
related_issues
relates,Closed,10963,Encrypting LDAP/Repos passwords on the database prevent LDAP Authentification on Repos/Apache from working