This patch adds more flexibility to the password encryption feature.

The old mechanism would only write cleartext or MD5 password hashes back to LDAP wherein this new method handles many more encryption types like salted hashes and SHA. It does check to see if these additional encryption types are supported by PHP at configuration time.

The patch includes a database update (currently number 6003) that renames the "encrypted" column to "enc_type" to better reflect the data stored. Also, the old values of the column were not remapped to keep disruption at a minimum ( '0' = clear, '1' = MD5).

Tested with D6.14 and OpenLDAP.

CommentFileSizeAuthor
#8 ldap_integration-encryption-580786-8.patch13.62 KBcgmonroe
#5 ldap_integration-6.x_1.0_beta2-encryption_3.patch13.64 KBlandry
#5 ldap_provisioning-encryption.patch3.32 KBlandry
#2 ldap_integration-6.x_1.0_beta2-encryption.patch12.68 KBretsamedoc
#1 ldap_integration-6.x_1.0_beta2-encryption.patch12.68 KBretsamedoc
ldap_integration-encryption.patch12.7 KBretsamedoc

Comments

retsamedoc’s picture

retsamedoc commented
Version: 6.x-1.0-beta1 » 6.x-1.0-beta2
StatusFileSize
new ldap_integration-6.x_1.0_beta2-encryption.patch12.68 KB

Updated for 6.x-1.0-beta2. Please test.

retsamedoc’s picture

retsamedoc commented
StatusFileSize
new ldap_integration-6.x_1.0_beta2-encryption.patch12.68 KB

Oops, forgot to increment the database update to 6004. Fixed here.

thtas’s picture

thtas commented

Tested this and it works well with SSHA for authentication. thanks!

The patch just needs to change the LDAPInterface.inc to change the set/get option name from "encrypted" to "enc_type"
otherwise it only sets plain text passwords in the LDAP directory.

arthur.duarte’s picture

arthur.duarte commented

Hi,

The patch works, but I needed to do some modifications:

In the Database:
- I had to go the ldapauth table and change manually column "encrypted" to column "enc_type"

In the LDAPInterface.inc file:
- I modified all entries from "encrypted" to "enc_type"

Now, I can have Drupal as a password manager to my LDAP.

Thank you Dude.

landry’s picture

landry commented
StatusFileSize
new ldap_provisioning-encryption.patch3.32 KB
new ldap_integration-6.x_1.0_beta2-encryption_3.patch13.64 KB

Attaching new patch with LDAPInterface.inc change for getOption/setOption.
Tested working fine with ldapprov, with the added patch changing encrypted occurences to enc_type, and adding ldapprov_encode_password(). encode_password() in ldapdata could take a server as arg, instead of relying on global $_ldapdata_ldap.

Could be good to have that integrated. Of course tested working fine here.

john franklin’s picture

john franklin commented

Applied and tested on one of my sites, works as expected. Thanks.

johnbarclay’s picture

johnbarclay commented
Status: Needs review » Reviewed & tested by the community
cgmonroe’s picture

cgmonroe commented
Version: 6.x-1.0-beta2 » 6.x-1.x-dev
StatusFileSize
new ldap_integration-encryption-580786-8.patch13.62 KB

Here is a new version of the ldap_integration patch that will apply to the 6.x-1.x head.

Same as #5 but with some line number changes and updates ldapsync.module to use enc_type and not encryption.

cgmonroe’s picture

cgmonroe commented
Status: Reviewed & tested by the community » Closed (fixed)

This has been committed to the 6.x-1.x branch. Marking as fixed/closed.