[allura:tickets] Re: #7388 Allura's LDAP provider password managing improvements

[Dave Brondsema <br...@users.sf.net>]

Good catch.  I think we'll need deeper updates to make it really work well with LDAP though.  LDAP will often provide names and email addresses, and may or may not let users change those within Allura (e.g. have to change it somewhere else in LDAP directly).  So this will probably have to be configurable for each provider, and likely some additional methods or hooks to keep LDAP (or any other auth store) in sync with Allura changes if allowed.  Lets handle that in a separate ticket.  I can create one in a while.

For now lets just keep it as-is for name and email.  Few others like password recovery I think is fine to change to `!= 'sfx'`  (And then we can clean up the 'sfx' references later, once we get rid if it)


---

** [tickets:#7388] Allura's LDAP provider password managing improvements**

**Status:** in-progress
**Milestone:** limbo
**Labels:** 42cc 
**Created:** Tue May 13, 2014 09:06 AM UTC by Igor Bondarenko
**Last Updated:** Fri May 16, 2014 11:59 AM UTC
**Owner:** nobody

- in `set_password` handle case, where old password is not provided ([#7342] for reference). Use admin credentials for LDAP in this case.
- Enable `forgotten_password_process` for LDAP provider
- Store hashed password (algorithm in [#7342]). Algorithm, # of rounds and salt length should be `.ini` options


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.