we had our ldap servers go offline and when users attempted to login thier password was captured in the log file
Steps to reproduce
configure ldap
turn off ldap server
attempt to login
Expected behaviour
it should log that you attempted to login but not list sensative information in logs
Actual behaviour
password listed in clear text in the log file
Server configuration
CentOs 7.3
Nginix
Postgres
**PHP version: 7.1
Nextcloud version: 12.0.5
List of activated apps:
collobora and ldapd below the code snippet:
longer
example
here
Remember, the below information may be requested if it isn’t supplied; for fastest response please provide as much as you can
[/details]
Please delete everything above when creating your topic and provide the following:
Nextcloud version (eg, 12.0.2):
Operating system and version (eg, Ubuntu 17.04):
Apache or nginx version (eg, Apache 2.4.25):
PHP version (eg, 7.1):
The issue you are facing:
Is this the first time you’ve seen this error? (Y/N):
Steps to replicate it:
- configure ldap
The output of your Nextcloud log in Admin > Logging:
PASTE HERE
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
PASTE HERE
The output of your Apache/nginx/system log in /var/log/____
:
PASTE HERE