Closed siepkes closed 1 year ago
You can get password values via get-sub-cfg
command in 13.0.0:
ssoadm get-sub-cfg -u amadmin -f pwd.txt -e / -s iPlanetAMAuthLDAPService -g MyLDAP
iplanet-am-auth-ldap-auth-level=0
iplanet-am-auth-ldap-search-filter=(objectclass=inetOrgPerson)
iplanet-am-auth-ldap-search-scope=SUBTREE
iplanet-am-auth-ldap-return-user-dn=true
iplanet-am-auth-ldap-bind-passwd=thisissecret
iplanet-am-ldap-user-creation-attr-list=
...
Not sure if the issue is fixed in the current master or not...
I guess it is not fixed if you compare how GetSubConfiguration
prints property values compared to GetAuthInstance
.
The issue was fixed in https://github.com/WrenSecurity/wrenam/pull/137.
Evaluate and fix issue known to OpenAM as #201801-02
Since we share a common heritage with OpenAM the issue described here as "Issue #201801-02: Configuration password stored in plain text" probably affects wren:AM too.
We need to evaluate if and how this issue affects wren:AM and fix it.
The issue in the referenced document describes the export of server settings contain some configuration passwords in plain text.
The document indicates there is no workaround.