find out whether username passwords are properly encoded and encrypted
At the moment spring's LdapShaPasswordEncoder is in use for encoding the passwords.
- find out whether this sufficiently encrypts the passwords in LDAP
- how is it supposed to work
See also: " Digest based password encoding is not considered secure. Instead use an adaptive one way funciton like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure. " (from Spring documentation)