Hello, and first, thank you for this great and useful module.

First of all, I enabled the php-mcrypt module on my server and selected "blowfish" in the LDAP User module admin page (LDAP fed with Drupal account info), but the passwords are written in clear text in the OpenLDAP server (perhaps I missed another param?).

Anyway, I needed SSHA password encryption. I did not find a clean "Drupal way" of overriding the function, so I ended up replacing a line of code in ldap_user.module:

function ldap_user_ldap_provision_pwd($action, $value = NULL, $reset = FALSE) {

...

if ($action == 'set') {

    //$current_user_pass = $value;  <-- commented this line and added below :

    $salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand());
    $current_user_pass = "{SSHA}" . base64_encode(pack("H*", sha1($value . $salt)) . $salt);

...
}

That works, but is there a cleaner way to hook the ldap_user module to achieve this?

As we cannot override the ldap_user_ldap_provision_pwd function in a custom module (no hook_ldap_user_ldap_provision_pwd_alter?)

Thanks and best wishes for this new year!
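The {SSHA} value described in the post above, built and verified in stand-alone PHP. This is an added example, not part of the original post and not code from the ldap_user module; the function names `ssha_hash` and `ssha_verify`, the 8-byte salt length and the sample passwords are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of ldap_user.module.

const SSHA_PREFIX = '{SSHA}';
const SHA1_LEN = 20; // length of a raw SHA-1 digest in bytes

/**
 * Build an {SSHA} userPassword value:
 * "{SSHA}" . base64(sha1(password . salt) . salt)
 */
function ssha_hash(string $password, int $saltLen = 8): string {
    // random_bytes() reads the OS CSPRNG; mt_rand() is a predictable PRNG.
    $salt = random_bytes($saltLen);
    $digest = sha1($password . $salt, true); // true = raw 20-byte output
    return SSHA_PREFIX . base64_encode($digest . $salt);
}

/**
 * Check a candidate password against a stored {SSHA} value.
 */
function ssha_verify(string $password, string $stored): bool {
    $prefixLen = strlen(SSHA_PREFIX);
    if (strncasecmp($stored, SSHA_PREFIX, $prefixLen) !== 0) {
        return false; // no scheme prefix, e.g. a value stored in clear text
    }
    $raw = base64_decode(substr($stored, $prefixLen), true);
    if ($raw === false || strlen($raw) <= SHA1_LEN) {
        return false; // invalid base64, or digest with no salt appended
    }
    // The salt is whatever follows the 20-byte digest, so its length can vary.
    $digest = substr($raw, 0, SHA1_LEN);
    $salt = substr($raw, SHA1_LEN);
    // hash_equals() compares in constant time.
    return hash_equals($digest, sha1($password . $salt, true));
}

// Constructed sample values, for demonstration only.
$stored = ssha_hash('correct horse');
echo $stored, PHP_EOL;
var_dump(ssha_verify('correct horse', $stored));
var_dump(ssha_verify('wrong guess', $stored));
var_dump(ssha_verify('correct horse', 'correct horse'));
```

Because a fresh salt is drawn on every call, hashing the same password twice gives two different stored values, both of which verify.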

Comments

piactif created an issue.

grahl

Component: Security » Code
Status: Active » Closed (works as designed)

Hi piactif

With your specific change it is probably easiest as you did it, but maybe consider using composer and composer-patches to manage that automatically.

If there were more requests requiring changes to the password we could provide a hook to do what you indicate but with just one request it seems overkill to me. You can see the currently available hooks in the *.api.php files.

Otherwise, the usual path would be adding this as one more standardized encryption option similar to the others through a feature request patch.