By: Thomas Maerz user 23 Dec 2015 at 2:42 p.m. CST

2 Responses
While troubleshooting LDAP connectivity during initial setup I am seeing the LDAP bind password in cleartext in the log files. I am not a security expert but this might be bad practice: http://security.stackexchange.com/questions/16824/is-it-common-practice-to-log-rejected-passwords

By Aliaksandr Samuseu staff 23 Dec 2015 at 2:52 p.m. CST

Hi, Thomas. I believe it's only shown because by default most logs' levels in Gluu are set to "Debug", so it traces every step, providing as much info as possible. You can control log verbosity for oxauth and oxtrust by editing the /opt/tomcat/webapps/oxauth/WEB-INF/classes/log4j.xml and /opt/tomcat/webapps/identity/WEB-INF/classes/log4j.xml files, respectively. Maybe others will provide better advice, though. Alex.
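
An added example, not part of the original thread and not Gluu's own code: a check that reads a log4j 1.x XML configuration, such as the two files named in the reply above, and lists every logger, root or appender threshold set to DEBUG or lower, the condition the reply gives for the bind password appearing in the logs. It assumes those files use the standard log4j 1.x XML layout; the sample configuration and its logger names are constructed.

```python
import sys
import xml.etree.ElementTree as ET

VERBOSE = {"ALL", "TRACE", "DEBUG"}  # levels at which step-by-step tracing is written

# Constructed sample in log4j 1.x XML format; not the file Gluu ships.
SAMPLE = """
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="FILE" class="org.apache.log4j.RollingFileAppender">
    <param name="File" value="example.log"/>
    <param name="Threshold" value="DEBUG"/>
  </appender>
  <logger name="example.ldap"><level value="debug"/></logger>
  <category name="example.web"><priority value="INFO"/></category>
  <root><priority value="TRACE"/><appender-ref ref="FILE"/></root>
</log4j:configuration>
"""

def verbose_settings(xml_text):
    """Return (kind, name, level) for each logger, root or appender threshold in VERBOSE."""
    findings = []
    for el in ET.fromstring(xml_text.strip()):
        if el.tag in ("logger", "category", "root"):
            # log4j 1.x accepts either <level> or the older <priority> element.
            lvl = el.find("level")
            if lvl is None:
                lvl = el.find("priority")
            value = lvl.get("value", "").upper() if lvl is not None else ""
            if value in VERBOSE:
                findings.append((el.tag, el.get("name", "root"), value))
        elif el.tag == "appender":
            for p in el.findall("param"):
                value = p.get("value", "").upper()
                if p.get("name", "").lower() == "threshold" and value in VERBOSE:
                    findings.append(("appender", el.get("name"), value))
    return findings

if __name__ == "__main__":
    # Pass a log4j.xml path as the first argument, or run with no argument for the sample.
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for kind, name, level in verbose_settings(text):
        print(f"{kind} {name}: {level}")
```

Raising a flagged level only stops new debug entries; log files already written still contain whatever was logged.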

By Mohib Zico staff 24 Dec 2015 at 7:37 a.m. CST

Thomas, which log file are you mentioning?