Monday 25 August 2008 2:52:53 am
Hi, I just used LDAP for user authentication, and I can say that the password is not stored in eZpublish: when a user tries to log in, the login / password is sent to LDAP for authentication. If LDAP replies with a positive answer, the eZuser (in eZpublish) is logged in and updated with elements such as First Name, Last Name and groups, but NO password is put in the eZuser.

In fact, the password is encrypted in LDAP (in my case it is, but check your LDAP), so there is no possibility to retrieve the password from LDAP (it is not really secure, I think). The password is natively not stored in the session vars either.

The only possibility you have is to implement your own login handler (copy the LDAP one and modify it) to store the password elsewhere (at this step, the password is not encrypted yet). But be careful: for security reasons, you have to put it on the server side only ($_SESSION could be a good way, but keep an eye on other eZ extensions that can see it, in clear text). Good luck.
Xavier Gouley
http://www.gxapplications.com/eng_blog/GX-Admin-s-Blog/