I would like to display user's ldap data without allowing them to edit it. However, I am very concerned about storing the user's password in plain text. Is there a way to display their information without storing their password in the session?

Comments

cpugeniusmv’s picture

There is an option called "Do not store users' passwords during sessions" in admin/settings/ldapauth/options. When that is checked the module will use the DN for non-anonymous search configured in the LDAP Server settings. Assuming that DN is authorized to read other users' information that you wish to display, that should work.

johnbarclay’s picture

Status: Active » Closed (won't fix)

Closing 5.x issues to clean out issue queue.