configuration file password encryption

[tlsilcankln]

I have installed a jasper server ce 6.2.1 and now want to use the ldap to synchronize windows AD users. but the setting in default_master.properties will expose the windows user and password. found some documentation on jaspersoft community that  "Passwords in configuration files are encrypted during JasperReports Server installation." My question is : is it possible to add password encryption protection to my jasper server after installation ? 

thanks!

 

[hozawa]

I'm not sure if this will answer your question but you can try installing another instance on the same server with encryption on. Note, that encryption will not only encrypt the buildomatic configuration file but also context.xml file as well.

" All subsequent JasperReports Server installations on the same server rely on the same keystore; they don't regenerate the key."

http://community.jaspersoft.com/documentation/tibco-jasperreports-server-security-guide/v610/encrypting-passwords-configuration

[tlsilcankln]

what is the purpose of installing another instance ? to reuse the existing repository and all reports and resources ?

rather than installing another instance, can I export everything to zip file using the manage > server setting > export feature and then uninstall the server and re-install it with encryption turn on ?

all my purpose is to avoid exposing the windows  user and password for ldap setting.

 

thanks

 

[hozawa]

Yes. Re-installing would be easier. I just thought you wanted to use the current installation. In that case, just install another instance and copy the encrypted files over the the current installation.

[tlsilcankln]

thanks. re-installing seems to be easier. Modify default.master.properties's property encrypt=true prior to installation (build from source) can archieve obfuscating plain text password in ldap config file sampleapplicationContext-externalAuth-LDAP.xml but what are the steps to maintain the credentials for password change ?

i.e.  in the  applicationContext-externalAuth-LDAP.xml :

<bean id="ldapContextSource"

       class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">

     <constructor-arg value="${external.ldap.url}" />

     <property name="userDn" value="${external.ldap.username}" />

     <property name="password" value="${external.ldap.password}"/>

</bean>

 the default_master.properties file contains

external.ldapUrl=ldap://hostname:389/dc=example,dc=com

external.ldapDn=cn=Administrator,dc=example,dc=com

external.ldapPassword=password

 

my problem is that if there is password change after installation, how to update the default_master.properties file.

can the buildomatic script run again to encrypt the changed password in plain text in default_master.properties file over an existing installation and just restart the server after build ?