Even though the Security Options is set to no store user passwords, LDAP integration is storing the password hash in the Drupal user table on initial login. This was working properly before as users who logged in via their LDAP credentials before I upgraded to HEAD do not have their password hash stored. For those users, subsequent logins with HEAD doesn't cause their passwords to be stored. However, users newly logging in have their passwords stored in the Drupal user table.

Comments

scafmac’s picture

scafmac commented
Status: Active » Fixed

Previously it used the authentication sequence (LDAP or Druapal then LDAP) to decide on the clear text password. That's been fixed in head. It only effects users accounts when the account is created, so existing users' passwords will not be effected by the fix.

I'm testing and hope to upload some bug fixes, including this one, to head tonight.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)