Online demo
Download
Contact

Because information matters

  • LDAP Configuration stored in plain text

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
It is currently Fri Apr 17, 2026 7:17 am

LDAP Configuration stored in plain text

OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 Reply

LDAP Configuration stored in plain text

 #40256  by vsubramanian
 
Hi,
We would like to authenticate OpenKM using 'Active Directory' LDAP.
Went through the document in the link http://wiki.openkm.com/index.php/Active ... OpenKM_6.2.

Had a question on how the 'LDAP passwd' is stored in the configuration file.
Is the 'LDAP passwd' stored as a 'plain text' in the OpenKM.cfg and OpenKM.xml files?
If they are stored in 'plain text', is there a way to make sure the password is NOT viewable by any user - since having the 'LDAP passwd' in 'plain text' will be a security risk.

Thanks in advance,
Vasu

Re: LDAP Configuration stored in plain text

 #40263  by jllort
 
The credentials of the LDAP user are in plain text ( is not necessary you set an administrator user, simply user with read grants to navigate and do queries is enough ). About security, well, only administrator should take access to the OpenKM.cfg or OpenKM.xml files and the same with Administration tab. These are not any users, are the administrator of the server and the application.

Re: LDAP Configuration stored in plain text

 #40319  by pavila
 
If any user can log into the server where you have installed OpenKM and access these files, it's a security risk.

Re: LDAP Configuration stored in plain text

 #40424  by vsubramanian
 
Hi pavila/jllort,

During OpenKM runtime, when OpenKM needs the 'password' to access' LDAP', does OpenKM get it from the "OpenKM.cfg and OpenKM.xm" files Or from the "database".

LDAPPrincipalAdapter.java :
Is this the class that reads the password to connect to LDAP?
This seems to read the 'LDAP password' from the 'database'.
Does this mean that the 'LDAP password' stored in "OpenKM.cfg and OpenKM.xm" is ignored?


Thanks,
Vasu

Re: LDAP Configuration stored in plain text

 #40438  by jllort
 
Password stored in OpenKM.xml is used by spring directly. Password stored at database ( Administration -> Configuration parameters ) is used by LdapPrincipalAdapter class. Any configuration in OpenKM.cfg about ldap is totally ignored.
 Reply
 Return to “Configuration”

Favorites

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.

Powered By phpBB -
 ©OpenKM 2021
 - All times are UTC -