LDAP Import Tool - Password in Plain Text


Hi there,

I've set up the Hornbill LDAP tool to import our users, which works fine, but I noticed the domain account password we enter is stored in plain text within the config file.

Is it possible to encrypt or hide the password?

Thanks

Matt


Hi Matt

The problem with encrypting the password stored in the configuration file is that, as the tool is open source, whatever method we use to encrypt / decrypt will be reproducible by anyone you are trying to hide the password from.

We suggest the following as best practice:

  1. Create a new user account that has only the most basic rights to read the details from the required OUs
  2. Place the configuration file in a secure network location

If both of these points are followed, then our internal security guys see no real risk to internal security.

Of course, if this is still not sufficient, our tool is fully open source and you can fork this, adding in your own secure encryption scheme to the field in the configuration file.


Kind Regards

Trevor Killick

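One way to check the second point in the reply above is to audit the NTFS ACL on the configuration file against an allow-list. This is an added example, not part of the original thread or Hornbill's code; the file path and the `EXAMPLE\svc-ldap-import` account name are placeholders to replace with your own.

```powershell
# Added example: list every principal outside an allow-list that can read the
# import tool's configuration file, or that can change its permissions.
param(
    # Placeholder path: point this at the real configuration file.
    [string]   $ConfigPath = 'C:\path\to\ldap-import\config-file',
    # Principals expected to have access. The service account name is constructed.
    [string[]] $Allowed    = @(
        'NT AUTHORITY\SYSTEM',
        'BUILTIN\Administrators',
        'EXAMPLE\svc-ldap-import'
    )
)

# Rights that expose the file contents, or that let a principal grant itself access.
$Sensitive = [System.Security.AccessControl.FileSystemRights]'ReadData, ChangePermissions, TakeOwnership'

$acl = Get-Acl -LiteralPath $ConfigPath

$findings = @(
    foreach ($rule in $acl.Access) {
        # Deny entries never widen access, so only Allow entries are reviewed.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band [int]$Sensitive) -eq 0) { continue }
        $who = $rule.IdentityReference.Value
        if ($Allowed -contains $who) { continue }
        [pscustomobject]@{
            Identity  = $who
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited   # True means the fix belongs on a parent folder
        }
    }
)

# The file owner can always rewrite the ACL, so the owner is checked as well.
if ($Allowed -notcontains $acl.Owner) {
    Write-Warning "Owner '$($acl.Owner)' is not on the allow-list"
}

if ($findings.Count -gt 0) {
    Write-Warning "Principals outside the allow-list can read or re-permission $ConfigPath"
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output "Only allow-listed principals can read $ConfigPath"
```

This covers the NTFS ACL only; if the file sits on a network share, the share permissions and any backups of the file need the same review.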

We have the LDAP_Import tool running on a server that very, very few people have access to; it works as the users with access are the ones who manage Active Directory anyway.
