View Issue Details

ID: 0010979
Project: mantisbt
Category: ldap
View Status: public
Last Update: 2010-02-22 14:34
Reporter: brianstv
Assigned To: vboctor
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: git trunk
Target Version: 1.2.0
Fixed in Version: 1.2.0
Summary: 0010979: New user creation when using LDAP authentication enters plain text password user entered into the database.
Description

On a system using LDAP authentication, when a new user logs into Mantis, they are authenticated via LDAP, but the 'user_create' function stores their password in the database in plain text.
Setting the password to '' would be preferable as that field is not used for authentication anyway when 'login_method' is set to LDAP.

This function would also be a good place to set the User's realname from the values in LDAP for historical purposes if 'use_ldap_realname' is set to ON.
See 0010910 for a related problem.

Tags: No tags attached.

Relationships

has duplicate 0010909 (closed, vboctor): LDAP password copied to mantis_user_table

Activities

vboctor (manager), 2009-10-14 00:52, ~0023170

The MD5 password is now saved. This will allow login from the database if MantisBT login switches back to native MD5 login. In the future, we can also default to DB passwords if LDAP is down.
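
An audit for rows written before this fix, as an added example that is not part of the issue thread or of MantisBT's code: it flags stored values that are neither empty nor a 32-character hex MD5 digest. The `username` and `password` keys, the function names and the sample rows are assumptions constructed for illustration, and it assumes the installation has only ever used LDAP and native MD5 login.

```php
<?php
// Added example, not MantisBT code. Classifies the stored value of a
// password column so rows written before the fix can be found and reset.

/** Return 'empty', 'md5' or 'suspect-plaintext' for one stored value. */
function classify_stored_password(string $stored): string {
    if ($stored === '') {
        return 'empty';
    }
    // An MD5 digest is 32 hex characters. A plaintext password that happens
    // to be 32 hex characters would be missed by this check.
    if (preg_match('/\A[0-9a-f]{32}\z/i', $stored) === 1) {
        return 'md5';
    }
    return 'suspect-plaintext';
}

/**
 * @param array $rows list of ['username' => ..., 'password' => ...]
 * @return string[] usernames whose stored value should be overwritten
 */
function find_plaintext_rows(array $rows): array {
    $flagged = [];
    foreach ($rows as $row) {
        if (classify_stored_password($row['password']) === 'suspect-plaintext') {
            $flagged[] = $row['username'];
        }
    }
    return $flagged;
}

// Constructed sample rows (not real data), shaped like a user table export.
$rows = [
    ['username' => 'alice', 'password' => md5('constructed-sample-1')],
    ['username' => 'bob',   'password' => 'Summer2009!'], // as the bug wrote it
    ['username' => 'carol', 'password' => ''],
];

foreach (find_plaintext_rows($rows) as $username) {
    echo "reset stored password for: $username\n";
}
```

Flagged accounts should have the stored value overwritten and, since the value was the user's directory password, the LDAP password changed as well.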

Related Changesets

MantisBT: master 81660f13

2009-10-14 00:48

vboctor


Fix 0010979: New user creation when using LDAP authentication enters plain text password user entered into the database.
Affected Issues: 0010979
mod - core/authentication_api.php

MantisBT: master-1.2.x 096c46d1

2009-10-14 00:48

vboctor


Fix 0010979: New user creation when using LDAP authentication enters plain text password user entered into the database.
Affected Issues: 0010979
mod - core/authentication_api.php