Vote #81057
未完了Redmine.pm shall decrypt LDAP bind password
0%
journals
Redmine saves LDAP bind password on the table auth_sources with encryption by AES-256-CBC. Redmine itself is aware of the encryption and read out it with decryption.
On the other hand, Redmine.pm is reading the relational database directly without decryption and fails to bind LDAP and finally fails to authenticate Subversion access.
--------------------------------------------------------------------------------
There is no way to read out cipher_key setting from config/configuration.yml from perl and then it is difficult to integrate Redmine.pm to Redmine.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
徹 原口 wrote:
> There is no way to read out cipher_key setting from config/configuration.yml from perl and then it is difficult to integrate Redmine.pm to Redmine.
Maybe Redmine.pm should support a new directive such as @RedmineDbCiperKey@.
--------------------------------------------------------------------------------
Since our company changed LDAP service to require bind and the old one will be ceased at 9/30, some work around is needed.
--------------------------------------------------------------------------------
Will somebody insist a best ciphering lib for perl?
--------------------------------------------------------------------------------
Oh, there was.
https://metacpan.org/pod/Crypt::Cipher::AES
--------------------------------------------------------------------------------
As an workaround, I will make the password constant in Redmine.pm so far. Please resolve this contradiction in near future.
--------------------------------------------------------------------------------
related_issues
relates,Closed,7411,Option to cipher LDAP ans SCM passwords stored in the database