Jump to content

LDAP Import Tool - Password in Plain Text

Recommended Posts

Hi there,

I've setup the Hornbill LDAP tool to import our users which works fine but I noticed the domain account password we enter is stored in plain text within the config file.

Is it possible to encrypt or hide the password?



Link to comment
Share on other sites

Hi Matt

The problem with Encrypting the password stored in the configuration file is as the tool is open source what ever method we use to encrypt / decrypt will be reproducible by anyone you are trying to hide the password from. 

We suggest the following as best practice:

  1. Create a new user account that has only the most basic rights to read the details from the required OU's
  2. Place the configuration file in a secure network location 

If both of these points are followed then our internal security guys see no real risk to internal security. 

Of course if this is still not sufficient our tool is fully open source and you can fork this adding in your own secure encryption scheme to the field in the configuration file.

Kind Regards

Trevor Killick

Link to comment
Share on other sites

We have the LDAP_Import tool running on a server that very very few people have access to, it works as the users with access are the ones who manage Active Directory anyway. 

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...