I am using the LDAP plugin, and what I absolutely do not want is for the LDAP password to be stored in the OJS database. I do not have the boxes checked for profile synchronization, password-changing, etc., but I want to confirm that the users' LDAP passwords are not on my server.
I've looked in the code for the plugin, and it seems like the password encoding option is only used with the synchronization options, but I cannot figure out what password is actually in the database. For OJS local users, I can tell that the password is the hashed username + password. For LDAP users, the password is not the hashed username + password, and it must not even be a salted version, because when I disable LDAP and set the authorization source for the user back to NULL in the database, I cannot log in with the generated password that was created along with the user.
So, my two questions are:
1) Could you please tell me if a user's LDAP password is stored in the OJS database.
2) What actually is stored for them as the password in the OJS database?