gitbucket / gitbucket

A Git platform powered by Scala with easy installation, high extensibility & GitHub API compatibility
https://gitbucket.github.io/
Apache License 2.0

LDAP BindDN password is plaintext readable in gitbucket.conf #634

Open LGT2 opened 9 years ago

LGT2 commented 9 years ago

This is an issue, as in my case, the gitbucket server can be launched by different people, with different LDAP Bind DNs. Here are some solution proposals:

1: Store the whole LDAP authentication attributes of the gitbucket.conf into the database, and maybe the SMTP part too.
2: Allow passing the BindDN password as a command line argument (just like --data from the command line when using "java -jar gitbucket.war --data=/home/gitbucket"), and the BindDN too.
2 bis: Allow input of the LDAP login and password through a Swing GUI with JPasswordField (I have implemented that, but it is not clean enough to be committed/contributed).
3: Encrypt the whole gitbucket.conf, with the key stored in the database.
4: I could avoid the issue by using a dedicated LDAP account, for which the password being readable would not be problematic (not sure it is feasible).

Do you have other ideas ? My favorite would be 2 (command line argument), with the option of passing the Bind DN too.

ritschwumm commented 8 years ago

When you put a password on the command line, everyone can see it with ps -ef. You don't want that.
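To make the ps -ef objection above concrete, and to show the file-based alternative to proposal 2 from the opening comment, here is an added Python example. It is not part of this issue thread and not GitBucket's own code; the function names, the --ldap-bind-password flag and the password-file layout are assumptions for illustration. It starts a child process with a constructed secret in its argv and reads it back through /proc/<pid>/cmdline (the same source ps -ef uses), then contrasts that with reading the secret from a file that must be owned by the service user and be mode 0600.

```python
"""Command-line secrets versus a permission-checked secret file.

Illustrative code, not GitBucket's: the flag name, file name and helper
names are assumptions.  The secret value used below is a constructed
sample, not a real credential.
"""
from __future__ import annotations

import os
import stat
import subprocess
import sys
import tempfile
from typing import Optional


def argv_leaks_secret(secret: str) -> Optional[bool]:
    """Start a child with `secret` in its argv and check whether any other
    process can read it from /proc/<pid>/cmdline, which is what `ps -ef`
    prints.  Returns None where /proc is unavailable (non-Linux)."""
    if not os.path.isdir("/proc"):
        return None
    child = subprocess.Popen(
        [sys.executable, "-c", "import time; time.sleep(30)",
         f"--ldap-bind-password={secret}"],          # assumed flag name
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    try:
        # Popen returns only after exec succeeded, so cmdline is the child's argv.
        with open(f"/proc/{child.pid}/cmdline", "rb") as f:
            cmdline = f.read().replace(b"\0", b" ").decode("utf-8", "replace")
        return secret in cmdline
    finally:
        child.kill()
        child.wait()


def read_bind_password(path: str) -> str:
    """Read the bind password from a file only the service user can read.

    Opens first and checks the open descriptor (fstat) so the permission
    check and the read refer to the same inode; refuses symlinks, files
    owned by another user, and any group/world permission bits."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path} is not owned by the current user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(
                f"{path} must be mode 0600, got {stat.filemode(st.st_mode)}")
    except Exception:
        os.close(fd)
        raise
    with os.fdopen(fd, encoding="utf-8") as f:   # fdopen takes ownership of fd
        return f.read().rstrip("\n")


def demo() -> dict:
    """Constructed scenario: a 0600 file is accepted, the same file made
    0644 is rejected, and the argv route is visible via /proc."""
    secret = "s3cr3t-example"                     # constructed sample value
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ldap-bind-password")   # assumed file name
        with open(path, "w", encoding="utf-8") as f:
            f.write(secret + "\n")
        os.chmod(path, 0o600)
        accepted = read_bind_password(path)
        os.chmod(path, 0o644)
        try:
            read_bind_password(path)
            rejected = False
        except PermissionError:
            rejected = True
    return {
        "read_from_0600_file": accepted,
        "world_readable_rejected": rejected,
        "argv_visible_via_proc": argv_leaks_secret(secret),
    }


if __name__ == "__main__":
    print(demo())
```

On Linux the argv check returns True: anything placed in argv is readable by every local user through /proc and ps, so the only thing proposal 2 would hide is the config file itself. The file reader shows the minimum a practitioner would want before trusting a secret on disk: same-user ownership, no group/other bits, and a check performed on the opened descriptor rather than on the path.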

bviktor commented 7 years ago

We use the "ldap" account that we created in AD for such purposes on all our appservers. In fact, I'm kinda shocked you use personal credentials for this.

LGT2 commented 7 years ago

Originally, I had implemented 2 bis. Since we have now moved to a Linux VM without GUI, all LDAP connections are now done with user IDs. A smaller bit of code hack remains. @bviktor: It is not feasible within my organisation to have LDAP (Active Directory) accounts created for such usage. I was shocked too, but had to find a workaround. I assume the rules are different in yours. ...