<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic How To Hide Password in ldap-authentication.properties? in Alfresco Archive</title>
    <link>https://connect.hyland.com/t5/alfresco-archive/how-to-hide-password-in-ldap-authentication-properties/m-p/200667#M153797</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;Hi, there are two lines here required for LDAP synchronization:&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;PRE class="language-none line-numbers"&gt;&lt;CODE&gt;&lt;BR /&gt;# The default principal to use (only used for LDAP sync)&lt;BR /&gt;ldap.authentication.java.naming.security.principal=user1@company.com&lt;BR /&gt;&lt;BR /&gt;# The password for the default principal (only used for LDAP sync)&lt;BR /&gt;ldap.authentication.java.naming.security.credentials=password&lt;BR /&gt;&lt;SPAN class="line-numbers-rows"&gt;&lt;SPAN&gt;‍&lt;/SPAN&gt;&lt;SPAN&gt;‍&lt;/SPAN&gt;&lt;SPAN&gt;‍&lt;/SPAN&gt;&lt;SPAN&gt;‍&lt;/SPAN&gt;&lt;SPAN&gt;‍&lt;/SPAN&gt;&lt;SPAN&gt;‍&lt;/SPAN&gt;&lt;SPAN&gt;‍&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/CODE&gt;&lt;/PRE&gt;&lt;SPAN&gt;How do we hide the password?&amp;nbsp; Or if there is a way to get the password from the logged on user somehow?&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN&gt;Geoffrey&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Wed, 01 Apr 2009 14:35:02 GMT</pubDate>
    <dc:creator>geoffrey1211</dc:creator>
    <dc:date>2009-04-01T14:35:02Z</dc:date>
    <item>
      <title>How To Hide Password in ldap-authentication.properties?</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/how-to-hide-password-in-ldap-authentication-properties/m-p/200667#M153797</link>
      <description>Hi, there are two lines here required for LDAP synchronization:# The default principal to use (only used for LDAP sync)ldap.authentication.java.naming.security.principal=user1@company.com# The password for the default principal (only used for LDAP sync)ldap.authentication.java.naming.security.creden</description>
      <pubDate>Wed, 01 Apr 2009 14:35:02 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/how-to-hide-password-in-ldap-authentication-properties/m-p/200667#M153797</guid>
      <dc:creator>geoffrey1211</dc:creator>
      <dc:date>2009-04-01T14:35:02Z</dc:date>
    </item>
    <item>
      <title>Re: How To Hide Password in ldap-authentication.properties?</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/how-to-hide-password-in-ldap-authentication-properties/m-p/200668#M153798</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;There isn't a way to hide the password.&amp;nbsp; without making life difficult.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;in either of your scenarios, you will probably have to extend alfresco.&amp;nbsp; I dont think the PW can be obfuscated and i dont know about using user credentials.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;If you use user credentials(as opposed to how it is now) to bind you will be unable to perform an ldap sync.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;If i were you i would verify your file permissions.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;if you are running Linux, a chmod&amp;nbsp; of 600 will restrict the file so only the owner can read and write.&amp;nbsp; while the group and other users cant do a thing.&amp;nbsp; A permission of 400 will make it read only to hte owner.&amp;nbsp; (in many linux cases i deal with the user is probably apache and the group is apache or httpd and httpd)&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;on those permissions&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN&gt;660 is read write for user and group and no access for others&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN&gt;640 is rw for owner, r for group and no access for others&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN&gt;440 is r for owner and group and no access for others.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;but you should only need 400 as a sudoer or root will be able to get R/W access&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;windows has similar permission mechanisms.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Also, you should lock down the account you use to connect alfresco to the directory.&amp;nbsp; basically, all the account needs to do is bind the ldap directory so it can scan it.&amp;nbsp; In an active directory scenario, you only allow login from the one alfresco server though i think you can get tighter than that&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 03 Apr 2009 14:15:25 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/how-to-hide-password-in-ldap-authentication-properties/m-p/200668#M153798</guid>
      <dc:creator>ofrxnz</dc:creator>
      <dc:date>2009-04-03T14:15:25Z</dc:date>
    </item>
  </channel>
</rss>

