Hi team, we have a "users.sso.passwords.save" parameter in our
roller.properties defined as follows:
# If you don't want user credentials from LDAP to be stored in Roller
# (possibly in clear-text) leave this alone, otherwise set to true.
# i.e. you would like a backup auth mechanism in case LDAP is down.
users.sso.passwords.save=false
Our security.xml does not support a fallback mechanism to rollerdb if
LDAP is down, I doubt anyone wants to code that, and I'd rather we not
be duplicating LDAP passwords within the Roller database anyway. It's a
security issue to store passwords in multiple places, plus companies
normally require LDAP passwords to be changed every couple of months or
so, causing the LDAP passwords being stored in Roller to fall out of sync.
If a company's LDAP server is down they'll have bigger problems than
their blog server, and if they want to use LDAP they should have a
backup solution already in place in case their LDAP server goes down. WDYT?
Regards,
Glen