Warning if you use the test button next to an ldap server the userid and password are stored in clear text in /var/log/apache2/access.log since they are passed in the URL.
<IP> - - [19/Sep/2018:14:28:22 -0500] "GET /bin/authentication/servers/loginServers.php?_dc=1537385302801&id=1&type=LDAP&action=test&admin_user=<userid>&admin_
password=<password> HTTP/1.1" 200 749
this is on version 1.0.105
Not disagreeing it is my expedition server, but if you are doing log forwarding or at a minium whomever has access to the cli has access to the logs until it gets rotated out and deleted. ( I haven't checked the logrotate settings)
Might I also suggest when you change that auth test to a post you also purge the apache2 accept logs or at least the values in those logs?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!