c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 738721] Re: base_crypt and users_ldap don't work together

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: Martin Collins <738721@xxxxxxxxxxxxxxxxxx>
Date: Wed, 18 May 2011 14:14:50 -0000
Reply-to: Bug 738721 <738721@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

It is mysterious. How many users actually want their passwords in clear
text?

However, when configured correctly users_ldap does not store the ldap
passwords in OpenERP. See this bug
https://bugs.launchpad.net/bugs/760301 for a good explanation.

As I have mentioned elsewhere, I am not much enamoured of base_crypt and
would rather see a password field type with the encryption handled by
pgcrypt. Passwords should be encrypted by default. If anyone does want
unencrypted passwords they can change the field type to string.

--
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/738721

Title:
base_crypt and users_ldap don't work together

Status in OpenERP Modules (addons):
Confirmed

Bug description:
I installed and configured users_ldap so that all of my users can login using their credentials stored in OpenLDAP, which worked fine. Then I installed base_crypt (with the intention of all other passwords in the db, for non-ldap-users like 'admin') being encrypted. However, this prevents all LDAP users from logging in.
I suppose that base_crypt tries to authenticate the user and if this fails, login fails, without users_ldap trying to authenticate. I think this behaviour should be changed towards:
1. Check whether user can login using the (possibly encrypted) password in the database.
2. If not, check whether user can login using the LDAP password.
3. If now, refuse access.
Right now, the second step seems to be omitted when base_crypt is used.

References

[Bug 738721] [NEW] base_crypt and users_ldap don't work together
From: Tobias G. Pfeiffer, 2011-03-20