[CPS-devel] SSHA encryption in LDAP Backing Directory

Georges Racinet gracinet at nuxeo.com
Wed Mar 29 02:55:47 CEST 2006


For most people, it should be transparent, but I wanted to point out 
that from now on, all password writes in LDAP Backing Directory are 
encrypted using the SSHA scheme by default. This object is the current 
standard LDAP Directory in CPS, so this should affect most LDAP setups, 
and in particular CPSLDAPSetup.

More encryption schemes can be implemented upon request (especially if 
you provide an encryption function).

If needed, one can still write unencrypted passwords by selecting 
'none' for the password_encryption property in the ZMI.

Also worth noting: all attempts to fetch the user's password from 
CPS will return an empty string. This is primarily to ensure protection 
against loops of rehashing that could corrupt your user database, but 
we believe it's a good thing in itself.
A side effect is that empty passwords are banned.

This has been checked in the trunk, so it should go in the next stable 
release (CPS 3.4.1).

Cheers,

---------
Georges Racinet                        Nuxeo SAS
gracinet at nuxeo.com                http://nuxeo.com
Tel: +33 (0) 1 40 33 71 73
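
The behaviour announced above, sketched as an added example that is not part of the original message and is not CPS code: the usual LDAP `{SSHA}` encoding (base64 of the SHA-1 digest of password plus salt, followed by the salt), together with a read path that always returns an empty password and a write path that treats an empty password as "unchanged". The names `read_entry` and `write_entry`, the dict-based entry, and the 8-byte salt are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "{SSHA}"
SHA1_LEN = 20


def ssha_hash(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    if not password:
        raise ValueError("empty passwords are not allowed")
    salt = os.urandom(8) if salt is None else salt  # salt length is an assumption
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(candidate, stored):
    """Check a cleartext candidate against a stored {SSHA} value."""
    if not candidate or not stored.startswith(PREFIX):
        return False
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= SHA1_LEN:  # a digest with no salt after it is not SSHA
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time comparison


def read_entry(entry):
    """Hypothetical read path: the password field always comes back empty."""
    return dict(entry, userPassword="")


def write_entry(entry, form):
    """Hypothetical write path: an empty password field leaves the hash alone.

    Because reads return "", saving an unmodified form cannot hash the stored
    hash again; the cost is that "" can never be set as a password.
    """
    if form.get("userPassword"):
        entry["userPassword"] = ssha_hash(form["userPassword"])
    for key, value in form.items():
        if key != "userPassword":
            entry[key] = value
```
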



