Clear text passwords in ejabberd.log on LDAP bind

Hey there,

I've just come across clear text passwords in my /var/log/ejabberd.log. It seems that the LDAP module prints them at least on bind errors.

LDAP request failed: eldap:bind(["uid=xxxxxx,ou=xxxxxx,dc=xxxxxxxxxxx,dc=de",
"cLeArTextPassword"])

Does anybody know how to stop this behaviour?

Thx in advance // nielo

It is a log message of level "error". If you set in your ejabberd config file the option loglevel to 1, then log messages of that category are not printed.

A more fine-grained solution:
1. Download ejabberd source code of your version
2. Apply this patch, so the error message doesn't display the call arguments:

--- a/src/eldap/eldap_pool.erl
+++ b/src/eldap/eldap_pool.erl
@@ -80,8 +80,8 @@ do_request(Name, {F, Args}) ->
                {'EXIT', {timeout, _}} ->
                    ?ERROR_MSG("LDAP request failed: timed out", []);
                {'EXIT', Reason} ->
-                   ?ERROR_MSG("LDAP request failed: eldap:~p(~p)~nReason: ~p",
-                              [F, Args, Reason]),
+                   ?ERROR_MSG("LDAP request failed: eldap:~p(...)~nReason: ~p",
+                              [F, Reason]),
                    {error, Reason};
                Reply ->
                    Reply
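
Review bot: Reason is still formatted with ~p in the new ?ERROR_MSG call, and an Erlang exit term can embed the call that failed, arguments included, so the bind password may still reach the log through Reason. Verify by forcing a bind failure with a test account and reading the resulting entry; if the password shows up, Reason needs to be filtered or reduced before logging. Separately, removing Args for every F also drops the bind DN and the arguments of non-bind requests, which are useful for diagnosis; consider withholding only the password element when F is bind and keeping the rest.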

3. Compile ejabberd. Well, in fact you only care about compiling eldap_pool.erl
4. When you get the binary file eldap_pool.beam, copy it to replace the old one
5. Restart ejabberd, or reload that file at runtime using WebAdmin.
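
Log files written before the patch still contain the passwords. The following is an added example, not part of the thread or of ejabberd: a Python script that redacts the password argument in logged eldap:bind calls of the form quoted in the question and lists the affected DNs, so those accounts can be given new passwords. The function name and the sample entries are constructed for illustration.

```python
import re
import sys

# Matches a logged bind call as quoted in the question:
#   eldap:bind(["<dn>",
#   "<password>"])
# Both arguments are printed as quoted strings, so embedded quotes are
# backslash-escaped; the entry may wrap onto a second line after the comma.
BIND_RE = re.compile(
    r'(eldap:bind\(\[\s*"(?P<dn>(?:[^"\\]|\\.)*)"\s*,\s*)'  # prefix + DN
    r'"(?:[^"\\]|\\.)*"'                                    # the password
    r'(\s*\]\))'                                            # closing "])"
)

def redact_bind_passwords(log_text):
    """Return (redacted_text, sorted list of DNs whose password was logged)."""
    dns = set()

    def _sub(match):
        dns.add(match.group("dn"))
        return match.group(1) + '"[REDACTED]"' + match.group(3)

    return BIND_RE.sub(_sub, log_text), sorted(dns)

# Constructed sample input: two leaked entries (one wrapped, with an escaped
# quote and a comma in the password) and one entry in the patched format.
SAMPLE = r'''LDAP request failed: eldap:bind(["uid=alice,ou=people,dc=example,dc=de",
"pa\"ss,word"])
Reason: constructed_reason
LDAP request failed: eldap:bind(...)
Reason: constructed_reason
LDAP request failed: eldap:bind(["uid=bob,ou=people,dc=example,dc=de","hunter2"])
'''

if __name__ == "__main__":
    # Usage: script.py <logfile>; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    redacted, affected = redact_bind_passwords(text)
    sys.stdout.write(redacted)
    for dn in affected:
        print("password exposed for:", dn, file=sys.stderr)
```

The redacted text goes to stdout and the affected DNs to stderr, so the cleaned log can be redirected to a new file while the list of accounts is reviewed separately.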
