From 1941d143922ad92f87df0e7e165890b6e794b787 Mon Sep 17 00:00:00 2001 From: zeripath Date: Thu, 20 May 2021 09:29:57 +0100 Subject: [PATCH] Encrypt LDAP bind password in db with SECRET_KEY (#15547) * Encrypt LDAP bind password in db with SECRET_KEY The LDAP source bind password are currently stored in plaintext in the db This PR simply encrypts them with the setting.SECRET_KEY. Fix #15460 Signed-off-by: Andrew Thornton * remove ui warning regarding unencrypted password Co-authored-by: silverwind --- doc/features/authentication.en-us.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/features/authentication.en-us.md b/doc/features/authentication.en-us.md index 0c83fa4d..223d7aa4 100644 --- a/doc/features/authentication.en-us.md +++ b/doc/features/authentication.en-us.md @@ -88,8 +88,8 @@ Adds the following fields: - Bind Password (optional) - The password for the Bind DN specified above, if any. _Note: The password - is stored in plaintext at the server. As such, ensure that the Bind DN - has as few privileges as possible._ + is stored encrypted with the SECRET_KEY on the server. It is still recommended + to ensure that the Bind DN has as few privileges as possible._ - User Search Base **(required)**
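Review bot: The two added lines of the Bind Password note drop the reason for the least-privilege advice. The old text tied it to plaintext storage, while the new text only says "It is still recommended". State why it still applies: the password is encrypted reversibly, so anyone who obtains both the database and the SECRET_KEY can recover it. The note also does not say what happens to stored bind passwords when SECRET_KEY is changed. If they then have to be re-entered, a sentence saying so belongs here, since the commit message describes the encryption as keyed directly on setting.SECRET_KEY.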