Thread: SOAP LDAP Authentication uses clear text password?

  1. #1
    gedron is offline Junior Member
    Join Date
    Dec 2009
    Posts
    4

    Default SOAP LDAP Authentication uses clear text password?

    Hi All,

    We've run into an odd situation I'm wondering if anyone else can shed some light on.
    It looks like Sugar isn't using the LDAP encryption key when trying to authenticate via SOAP. In testing done with SoapUI I can get a successful login only when I use a plain text password, not with a key encrypted version. Has anyone else noticed this?

    The specific issue for us is in using the KINAMU Outlook Connector and LDAP authentication in Sugar. We've already been in contact with the developer and he tends to agree that it looks like Sugar isn't encrypting the password when using LDAP authentication. Anyone have any ideas?

    Thanks,

    -Thomas

  2. #2
    kuske is offline Sugar Community Member
    Join Date
    Oct 2007
    Location
    Germany
    Posts
    2,597

    Default Re: SOAP LDAP Authentication uses clear text password?

    The LDAP authentication itself uses clear text passwords, that's right.

    SugarCRM uses the encryption key to encrypt the password on the way from an external application to the sugarcrm server, but on the server there is no more encryption between sugarcrm and ldap.

    A drop of bitterness of the ldap interface.
    Harald Kuske
    Pre-Sales Engineer Central Europe

    SUGARCRM Deutschland GmbH
    Erika-Mann-Str. 53, 80636 Munich, Germany
    Email: hkuske@sugarcrm.com
    Home: http://www.sugarcrm.com


  3. #3
    christianknoll is offline Sugar Community Member
    Join Date
    Nov 2008
    Location
    Vienna
    Posts
    939

    Cool Re: SOAP LDAP Authentication uses clear text password?

    Thomas,

    As far as I remember you are on a 5.5 release. The only thing I see (aside from a couple of other things ... ;-) ...) in difference here between 5.5 and 5.2 is a missing include.

    Edit the file soap/SoapHelperFunctions.php. Find the function decrypt_string (should be around line 1140). In the 5.5.GA CE I am looking at, the following line is missing

    require_once('modules/Administration/Administration.php');

    just before the line (which is pretty much at the beginning of the function).

    $focus = new Administration();

    If you don't see this as well, just add it and see if it works then. This could be logic and explain it, since without the include the $focus object will not be created and the rest of the decryption will not work. And thus if you log in with a cleartext password the initial attempt to log you in without decoding will be a success. If you log in with an encoded password the initial attempt will fail and the second attempt will fail to decode ...

    Let me know if that worked - but maybe in the Forum of the connector since I only read here from time 2 time ... when the Kids sleep and the TV Program is too boring ...

    christian,

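
A way to check a copy of soap/SoapHelperFunctions.php for the missing include described in post #3, as an added example that is not part of the thread or of SugarCRM's code. The PHP samples are constructed (only the two quoted lines come from the post), and the status names are this example's own.

```python
import re
import sys

INCLUDE = re.compile(
    r"""(?:require|include)(?:_once)?\s*\(?\s*['"]modules/Administration/Administration\.php['"]""")
NEW_ADMIN = re.compile(r"new\s+Administration\s*\(")
FUNC = re.compile(r"function\s+decrypt_string\s*\(")

def body_span(src, start):
    """(begin, end) offsets of the brace-delimited body that opens after `start`.
    Naive brace counting: braces inside PHP strings or comments are not handled."""
    begin = src.index("{", start)
    depth = 0
    for i in range(begin, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return begin + 1, i
    raise ValueError("unbalanced braces after decrypt_string")

def check_decrypt_string(src):
    """Classify PHP source text by where Administration.php is pulled in."""
    m = FUNC.search(src)
    if not m:
        return "not-found"
    begin, end = body_span(src, m.end())
    inst = NEW_ADMIN.search(src, begin, end)
    if not inst:
        return "no-instantiation"
    if INCLUDE.search(src, begin, inst.start()):
        return "ok"                   # include sits before `new Administration()`
    if INCLUDE.search(src, 0, begin):
        return "included-elsewhere"   # earlier in the file; confirm it really runs
    return "missing"                  # the situation described in the post

# Constructed samples, NOT the real SugarCRM function body.
UNPATCHED = """<?php
function decrypt_string($string){
    $focus = new Administration();
    // remainder of the function is not shown on the page
    return $string;
}
"""
PATCHED = UNPATCHED.replace(
    "    $focus = new",
    "    require_once('modules/Administration/Administration.php');\n    $focus = new")

if __name__ == "__main__":
    if len(sys.argv) > 1:             # path to a local SoapHelperFunctions.php
        print(check_decrypt_string(open(sys.argv[1], encoding="utf-8", errors="replace").read()))
    else:
        print(check_decrypt_string(UNPATCHED), check_decrypt_string(PATCHED))
```

A result of "missing" means a key-encrypted SOAP password cannot be decoded on that install, so clients can only log in by sending the plain-text password.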

  4. #4
    gedron is offline Junior Member
    Join Date
    Dec 2009
    Posts
    4

    Default Re: SOAP LDAP Authentication uses clear text password?

    Hi Christian,

    I've continued this conversation on the KINAMU forum here:
    http://www.sugarforge.org/forum/mess...p?msg_id=24277

    Thanks for your help!

    Cheers,

    -Thomas

  5. #5
    gedron is offline Junior Member
    Join Date
    Dec 2009
    Posts
    4

    Default Re: SOAP LDAP Authentication uses clear text password?

    To anyone also searching for a solution to SOAP LDAP authentication problems in SugarCRM 5.5.0 GA, a workaround is available here:
    http://www.sugarforge.org/forum/foru...&forum_id=3680

    Cheers,

    -Thomas
