Best practice forum (Archived)

LDAP Bind Password Security

 
by ? ? - Friday, 23 August 2013, 8:47 AM
 

The LDAP bind password for the LDAP authentication module is stored in clear text in the database. This is a big red flag for a client I am working with. Wondering if anyone has a customization for encrypting the bind password so that it is not stored in plain text. Maybe the existing salt in config.php could be used to salt it. It couldn't be one-way hashed like the current user passwords, since Totara needs to be able to get at the plaintext version of the password in order to perform the bind.

 

Thoughts? Me toos?
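
One way to do what the post asks for, as an added example that is not part of the original post and not Totara code: reversible authenticated encryption with PHP's libsodium functions, keyed from a secret held in config.php rather than in the database. The function names, the `enc1:` prefix and the sample values are assumptions made for the illustration.

```php
<?php
// Added example, not Totara code. bindpw_* names and the "enc1:" prefix are hypothetical.

// Derive a 32-byte key from a secret that lives only in config.php
// (assumption: a long random site secret, e.g. the existing salt).
function bindpw_key(string $configsecret): string {
    // The fixed label ties the derived key to this one purpose.
    return sodium_crypto_generichash(
        'ldap-bind-password:' . $configsecret, '', SODIUM_CRYPTO_SECRETBOX_KEYBYTES
    );
}

// Encrypt before writing the setting to the database.
function bindpw_encrypt(string $plaintext, string $configsecret): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh nonce per save
    $box = sodium_crypto_secretbox($plaintext, $nonce, bindpw_key($configsecret));
    return 'enc1:' . base64_encode($nonce . $box);
}

// Decrypt just before the LDAP bind; fail closed on any malformed or altered value.
function bindpw_decrypt(string $stored, string $configsecret): string {
    if (strncmp($stored, 'enc1:', 5) !== 0) {
        throw new RuntimeException('Bind password is not in the encrypted format');
    }
    $raw = base64_decode(substr($stored, 5), true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Stored bind password is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, bindpw_key($configsecret));
    if ($plain === false) {
        // Wrong key, or the database value was modified.
        throw new RuntimeException('Bind password failed authentication');
    }
    return $plain;
}

// Constructed sample values, for illustration only.
$secret = 'constructed-config-php-secret-0123456789abcdef';
$stored = bindpw_encrypt('constructed-bind-password', $secret);

echo $stored, PHP_EOL;                            // what the database row would hold
echo bindpw_decrypt($stored, $secret), PHP_EOL;   // what is passed to the bind

try {
    bindpw_decrypt($stored, 'a-different-secret'); // DB value without the right key
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

This protects the value only against database-only exposure such as a dump or a backup; anyone who can read both config.php and the database can still recover the password.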