When I create an AD user directory, I see the password of that user, in clear text, in the database.
Not cool. That would definitely not get approved by the security team in my company.
I would like the AD lookup to use Windows authentication. I have already set up the Confluence service to run as a domain account.
Can I somehow tell Confluence to use that security context for LDAP queries against my Active Directory?
Hi Martin,
I really think that some confusion may have happened, as Confluence doesn't store LDAP passwords in plain text in the database.
Also, as for Integrated Windows Authentication, it can be done in two different ways for Confluence:
Cheers
Hi Tiago,
Thanks for commenting.
Let me try to clarify.
When creating an LDAP user directory, I provide a username and password that will be used when fetching users and groups. The password provided here is saved to the database in clear text.
It is being saved to the table [cwd_directory_attribute] with attribute_name as [ldap.password], and the password as the value.
That is my concern.
It may be a solution to create a domain account that has the single purpose of reading from AD, and then "live with" the fact that its password is revealed in the DB.
Another solution would be to use anonymous lookup, and configure the AD to allow anonymous access from the Confluence server's specific IP address. Can that be configured in Confluence (to use anonymous LDAP access)?
Cheers!
A third option on the authentication-in-Windows thing - you might want to look at http://www.adaptavist.com/w/products-plugins/enterprise-products/adaptavist-umbrella/ (as well as "log into Windows and you're in Confluence too", it does SAML and some other stuff people ask for here).
And yes, this is a bit of a blatant plug, so I should say that I work for Adaptavist at the moment. I've not been involved in the development of it, it was there before I was, but I can vouch for the really good people who did write it.
It is not in clear text in our installation. Sounds like you've got a weird setup to me.
Yes, I should have said that too - the couple of AD-connected Confluences I've dipped into today are definitely not storing plaintext passwords.
Wow. That is really weird! What kind of database are you guys using? I'm wondering if "MS SQL Server" is not supporting some special "password field" used in other types of databases, making it save the password in clear text?
https://answers.atlassian.com/questions/266580/crowd-stores-ldap-directory-password-as-plaintext-in-backup-file
The link above is not the exact problem, but I think it relates very well.
If you have access to the Confluence database, then try running this query and see what you get:
SELECT [directory_id],[attribute_value],[attribute_name] FROM <DatabaseName>.[dbo].[cwd_directory_attribute] WHERE attribute_name = 'ldap.password'
Update: Just tested on PostgreSQL. Same issue here. The LDAP password is stored in clear text.
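One way to confirm what that query shows without copying the bind password itself into a ticket or a log, as an added example that is not from this thread or from Atlassian: a small Python audit over rows in the shape of cwd_directory_attribute. The rows and their values below are constructed for illustration.

```python
import hashlib

# Constructed sample rows in the shape of cwd_directory_attribute:
# (directory_id, attribute_name, attribute_value). All values are made up.
SAMPLE_ROWS = [
    (10001, "ldap.password", "Sup3rSecret!"),
    (10001, "ldap.url", "ldap://dc01.example.test:389"),
    (10002, "ldap.password", ""),
    (10003, "ldap.url", "ldap://dc02.example.test:389"),
]


def fingerprint(secret):
    """Short SHA-256 prefix so a stored value can be compared with a known
    credential without the value itself appearing in output or logs."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]


def audit_bind_passwords(rows):
    """Report, per directory_id, whether an ldap.password attribute exists,
    its length and a fingerprint, but never the value itself."""
    report = {}
    for directory_id, name, value in rows:
        if name != "ldap.password":
            continue
        value = value or ""
        report[directory_id] = {
            "bind_password_set": bool(value),
            "length": len(value),
            "fingerprint": fingerprint(value) if value else None,
        }
    return report


def matches_known_credential(report, directory_id, candidate):
    """True if the stored bind password for directory_id equals `candidate`,
    compared by fingerprint so nobody has to read the query output by eye."""
    entry = report.get(directory_id)
    return bool(entry and entry["fingerprint"] == fingerprint(candidate))


if __name__ == "__main__":
    for did, entry in sorted(audit_bind_passwords(SAMPLE_ROWS).items()):
        print(did, entry)
```

Feed it the rows returned by the query above (directory_id, attribute_name, attribute_value) and compare the fingerprint with the one of the service account's known password; a match confirms the value is stored as-is.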
Hi Martin, same to me on MSSQL, the passwords are not in clear text. May I know what's your Confluence version?
Cheers
Hi Tiago. Sure, the version I'm running is 5.4.3 (64-bit).
Verified the same behavior on v. 5.0.1 and 4.3.5 (all 64-bit).
Tiago, have you tried running the SQL I provided? I would be very surprised if you see a "scrambled" password. If you do, I would like to know which version you are seeing it on :)