LDAP auth source password cleartext in DB

Support
1

It seems the LDAP auth source password is cleartext in the DB. I was
wondering if this could be stored as a hash instead, like user
passwords are. If this is something that would be OK to have added
let me know and I'll create a ticket for it.

Thanks,
Jake

2

You should create a ticket. Furthermore, why is foreman storing a password if its using LDAP?

Corey

··· On May 24, 2011, at 1:57 PM, Jake - USPS wrote:

It seems the LDAP auth source password is cleartext in the DB. I was
wondering if this could be stored as a hash instead, like user
passwords are. If this is something that would be OK to have added
let me know and I’ll create a ticket for it.

Thanks,
Jake


You received this message because you are subscribed to the Google Groups “Foreman users” group.
To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/foreman-users?hl=en.

3

Its the username/password to login to AD as to do the queries for
everyone else with. It's optional, we need it.

I'll create a ticket then shortly.

Thanks,
Jake

··· On May 24, 4:02 pm, Corey Osman wrote: > You should create a ticket. Furthermore, why is foreman storing a password if its using LDAP? > > Corey > On May 24, 2011, at 1:57 PM, Jake - USPS wrote: > > > > > > > > > It seems the LDAP auth source password is cleartext in the DB. I was > > wondering if this could be stored as a hash instead, like user > > passwords are. If this is something that would be OK to have added > > let me know and I'll create a ticket for it. > > > Thanks, > > Jake > > > -- > > You received this message because you are subscribed to the Google Groups "Foreman users" group. > > To post to this group, send email to foreman-users@googlegroups.com. > > To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com. > > For more options, visit this group athttp://groups.google.com/group/foreman-users?hl=en.
4

I guess he means the user used to bind to LDAP.
If that's correct, inputting the password should be optional - as you can
specify:

Username: yourdomain$login
And leave the password blank.

It will then use the login/password of the current user for binding.

Cheers,
Marcello

··· -----Original Message----- From: foreman-users@googlegroups.com [mailto:foreman-users@googlegroups.com] On Behalf Of Corey Osman Sent: dinsdag 24 mei 2011 23:03 To: foreman-users@googlegroups.com Subject: Re: [foreman-users] LDAP auth source password cleartext in DB

You should create a ticket. Furthermore, why is foreman storing a password
if its using LDAP?

Corey
On May 24, 2011, at 1:57 PM, Jake - USPS wrote:

It seems the LDAP auth source password is cleartext in the DB. I was
wondering if this could be stored as a hash instead, like user
passwords are. If this is something that would be OK to have added
let me know and I’ll create a ticket for it.

Thanks,
Jake


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to
foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/foreman-users?hl=en.


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to
foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/foreman-users?hl=en.

5

Bug #941: LDAP Auth source password stored cleartext - Foreman created.

Thanks!
Jake

··· On May 24, 4:05 pm, Jake - USPS wrote: > Its the username/password to login to AD as to do the queries for > everyone else with. It's optional, we need it. > > I'll create a ticket then shortly. > > Thanks, > Jake > > On May 24, 4:02 pm, Corey Osman wrote: > > > > > > > > > You should create a ticket. Furthermore, why is foreman storing a password if its using LDAP? > > > Corey > > On May 24, 2011, at 1:57 PM, Jake - USPS wrote: > > > > It seems the LDAP auth source password is cleartext in the DB. I was > > > wondering if this could be stored as a hash instead, like user > > > passwords are. If this is something that would be OK to have added > > > let me know and I'll create a ticket for it. > > > > Thanks, > > > Jake > > > > -- > > > You received this message because you are subscribed to the Google Groups "Foreman users" group. > > > To post to this group, send email to foreman-users@googlegroups.com. > > > To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com. > > > For more options, visit this group athttp://groups.google.com/group/foreman-users?hl=en.
6

The password should be encrypted in the database.

Corey

··· On May 24, 2011, at 2:11 PM, Marcello de Sousa wrote:

I guess he means the user used to bind to LDAP.
If that’s correct, inputting the password should be optional - as you can
specify:

Username: yourdomain$login
And leave the password blank.

It will then use the login/password of the current user for binding.

Cheers,
Marcello

-----Original Message-----
From: foreman-users@googlegroups.com [mailto:foreman-users@googlegroups.com]
On Behalf Of Corey Osman
Sent: dinsdag 24 mei 2011 23:03
To: foreman-users@googlegroups.com
Subject: Re: [foreman-users] LDAP auth source password cleartext in DB

You should create a ticket. Furthermore, why is foreman storing a password
if its using LDAP?

Corey
On May 24, 2011, at 1:57 PM, Jake - USPS wrote:

It seems the LDAP auth source password is cleartext in the DB. I was
wondering if this could be stored as a hash instead, like user
passwords are. If this is something that would be OK to have added
let me know and I’ll create a ticket for it.

Thanks,
Jake


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to
foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/foreman-users?hl=en.


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to
foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/foreman-users?hl=en.


You received this message because you are subscribed to the Google Groups “Foreman users” group.
To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/foreman-users?hl=en.

7

Dude, that worked! I like that much better then what I was doing.

I'm assuming since there are both a username/password field in the
LDAP Auth source that there could be a need for both to be filled
sometimes? So I think saving the password cleartext should still be
addressed. But I guess I don't care anymore since I have a better
solution for my environment! :slight_smile:

Thanks again!
Jake

··· On May 24, 4:11 pm, "Marcello de Sousa" wrote: > I guess he means the user used to bind to LDAP. > If that's correct, inputting the password should be optional - as you can > specify: > > Username: yourdomain\$login > And leave the password blank. > > It will then use the login/password of the current user for binding. > > Cheers, > Marcello > > > > > > > > -----Original Message----- > From: foreman-users@googlegroups.com [mailto:foreman-users@googlegroups.com] > > On Behalf Of Corey Osman > Sent: dinsdag 24 mei 2011 23:03 > To: foreman-users@googlegroups.com > Subject: Re: [foreman-users] LDAP auth source password cleartext in DB > > You should create a ticket. Furthermore, why is foreman storing a password > if its using LDAP? > > Corey > On May 24, 2011, at 1:57 PM, Jake - USPS wrote: > > > It seems the LDAP auth source password is cleartext in the DB. I was > > wondering if this could be stored as a hash instead, like user > > passwords are. If this is something that would be OK to have added > > let me know and I'll create a ticket for it. > > > Thanks, > > Jake > > > -- > > You received this message because you are subscribed to the Google Groups > "Foreman users" group. > > To post to this group, send email to foreman-users@googlegroups.com. > > To unsubscribe from this group, send email to > foreman-users+unsubscribe@googlegroups.com. > > For more options, visit this group athttp://groups.google.com/group/foreman-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Foreman users" group. > To post to this group, send email to foreman-users@googlegroups.com. > To unsubscribe from this group, send email to > foreman-users+unsubscribe@googlegroups.com. > For more options, visit this group athttp://groups.google.com/group/foreman-users?hl=en.