LDAP Encryption in config.json #1390

diegofreesz · 2023-08-04T00:31:49Z

diegofreesz
Aug 4, 2023

Hi there,

in config.json "ldap_bindpassword": Is it possible to provide an encrypted password?

if i provide a password in clear text, any sniffer will be able to read it.

ansibleguy · 2023-08-04T13:14:00Z

ansibleguy
Aug 4, 2023

When using LDAP you should always use LDAPS (encrypted) so the passwords and user-information are protected in transit.
LDAPS can be enabled using the config => see 'ldap_needtls'

I don't think you can provide an encrypted password. (at rest encryption)
Can you give a practical example how someone can 'sniff' the content of a file, that is only readable by root & the service-user running semaphore?

0 replies

tboerger · 2024-03-03T20:24:37Z

tboerger
Mar 3, 2024
Collaborator

It is not possible to encrypt this password as it needs to be provided in plaintext to the LDAP client used within Semaphore.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LDAP Encryption in config.json #1390

{{title}}

Replies: 2 comments

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

LDAP Encryption in config.json #1390

diegofreesz Aug 4, 2023

Replies: 2 comments

ansibleguy Aug 4, 2023

tboerger Mar 3, 2024 Collaborator

diegofreesz
Aug 4, 2023

ansibleguy
Aug 4, 2023

tboerger
Mar 3, 2024
Collaborator