cancel
Showing results for 
Search instead for 
Did you mean: 

How To Hide Password in ldap-authentication.properties?

geoffrey1211
Champ in-the-making
Champ in-the-making
Hi, there are two lines here required for LDAP synchronization:


# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=user1@company.com

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=password
How do we hide the password?  Or if there is a way to get the password from the logged on user somehow?
Geoffrey
1 REPLY 1

ofrxnz
Champ in-the-making
Champ in-the-making
There isn't a way to hide the password.  without making life difficult. 

in either of your scenarios, you will probably have to extend alfresco.  I dont think the PW can be obfuscated and i dont know about using user credentials. 

If you use user credentials(as opposed to how it is now) to bind you will be unable to perform an ldap sync. 

If i were you i would verify your file permissions. 

if you are running Linux, a chmod  of 600 will restrict the file so only the owner can read and write.  while the group and other users cant do a thing.  A permission of 400 will make it read only to hte owner.  (in many linux cases i deal with the user is probably apache and the group is apache or httpd and httpd)

on those permissions
660 is read write for user and group and no access for others
640 is rw for owner, r for group and no access for others
440 is r for owner and group and no access for others. 

but you should only need 400 as a sudoer or root will be able to get R/W access


windows has similar permission mechanisms. 

Also, you should lock down the account you use to connect alfresco to the directory.  basically, all the account needs to do is bind the ldap directory so it can scan it.  In an active directory scenario, you only allow login from the one alfresco server though i think you can get tighter than that