- set ldap api settings to encrypt with AES via api
- create ldap server configuration with know pwd via api
- compart pwd decrypted to pwd and make sure is correct
- compare pwd to pwd and make sure it is different
- remove ldap configuration

- set ldap api settings to encrypt with Encrypt Module
- create ldap server configuration with know pwd via api
- compart pwd decrypted to pwd and make sure is correct
- compare pwd to pwd and make sure it is different
- remove ldap configuration

Comments

retsamedoc’s picture

I've got a patch #580786: Standard LDAP Password Encryption that we should leverage for the password encryption. It will allow for all the standard password encryption types the RFC specifies.

The simple test would be to change a test user's password hash, then see if a bind can be accomplished with the unencrypted password. (LDAP decrypts the passwords itself but does not encrypt the hash upon password change).

johnbarclay’s picture

Sounds good. I was thinking of skipping the unittests in the d6 version since d7 has the framework built right in. Most of the unit tests will carry over though.

Like the patch. I think that and leveraging the encrypt and aes modules when installed will give a lot of flexibility.