LDAP authentication

Asked by Peter Dracvel on 2015-12-14

We noticed that login with the LDAP backend cause writing into zodb user password, so if user change his password in LDAP Central Portal he can login using a new password from LDAP or old password stored as he login in schooltool before. Is it possible to authenticate only against LDAP? If no, if the users passwords are stored encrypted in schooltool zodb database? If yes, which encryption algorithm (one way hash fuction) is used or it is stored clear text?

Question information

Language:
English Edit question
Status:
Answered
For:
SchoolTool Edit question
Assignee:
No assignee Edit question
Last query:
2015-12-14
Last reply:
2015-12-18
Tom Hoffman (tom-hoffman) said : #1

The LDAP authentication checks against the server. To be honest, the developer who wrote the LDAP implementation is no longer on the project, and it isn't immediately obvious to us what the purpose of storing the password locally is. Probably as a fallback. The passwords are hashed (sha1) in the ZODB.

Can you help with this problem?

Provide an answer of your own, or ask Peter Dracvel for more information if necessary.

To post a message you must log in.