# HG changeset patch
# User Marcin Kuzminski <marcin@python-works.com>
# Date 2012-02-14 22:30:40
# Node ID 335b55caa81d927257c7fe635dec2e15448fd432
# Parent  9e0db8d8d616221000d4b27fe3ad347bbba1d4cc

#355 replaced stored LDAP password with some random generated one

diff --git a/rhodecode/lib/auth.py b/rhodecode/lib/auth.py
--- a/rhodecode/lib/auth.py
+++ b/rhodecode/lib/auth.py
@@ -224,8 +224,13 @@ def authenticate(username, password):
                  'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                  'email': get_ldap_attr('ldap_attr_email'),
                 }
-
-                if user_model.create_ldap(username, password, user_dn,
+                
+                # don't store LDAP password since we don't need it. Override 
+                # with some random generated password
+                _password = PasswordGenerator().gen_password(length=8)
+                # create this user on the fly if it doesn't exist in rhodecode
+                # database
+                if user_model.create_ldap(username, _password, user_dn,
                                           user_attrs):
                     log.info('created new ldap user %s' % username)