Bug #1349

Do not save the password in ldap auth driver

Added by Javi Fontan almost 9 years ago. Updated almost 9 years ago.

Status:ClosedStart date:07/12/2012
Priority:NormalDue date:
Assignee:Javi Fontan% Done:

0%

Category:Drivers - Auth
Target version:Release 3.8
Resolution:fixed Pull request:
Affected Versions:OpenNebula 3.6

Description

Ldap auth driver saves the ldap user password when the user is automatically created. This creates a security problem.

History

#1 Updated by Ruben S. Montero almost 9 years ago

  • Target version set to Release 3.8

#2 Updated by Ruben S. Montero almost 9 years ago

A patch is attached in #1385

#3 Updated by Ruben S. Montero almost 9 years ago

  • Status changed from New to Assigned

#4 Updated by Javi Fontan almost 9 years ago

  • Category set to Drivers - Auth
  • Status changed from Assigned to Closed
  • Resolution set to fixed

Now the ldap driver returns the user dn as password. This way we also have information on the user and the password is not saved.

Also available in: Atom PDF