[TYPO3-english] Re: ldap/sso extension ldap bind failed
Xavier Perseguers
xavier at typo3.org
Wed Sep 2 09:24:57 CEST 2015
Hello,
The problem of ***** stored in DB has been reported to the LDAP extension's bug tracker. However, after confirming the bug and analysing, it turned out that was a bug in TYPO3 7.4.0.
The good point is that the bug is fixed since 8 days in git master (of TYPO3): https://forge.typo3.org/issues/69153 and that you may easily fix it in your current 7.4 install if you don't want to use master branch.
Regarding hashing the password, it's unfortunately not possible since we need the actual value when binding to LDAP. One way could be to use symmetric encryption but that would not add any actual level of security and this information is never disclosed to non-administrators so it's quite fine. Another way would be to let anonymous binding to your LDAP, then you wouldn't need any credentials (did not test if this works since in real time scenario I've never seen a real life system allowing extended access in anonymous mode).
Kind regards
--
Xavier Perseguers
TYPO3 CMS Team
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org
More information about the TYPO3-english
mailing list