Index: lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java
===================================================================
diff -u -r43dfd9f833c87c58f4dc4a61f386b6c2cf961720 -r20ce199831888b996374f8873220db09b375a74c
--- lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java	(.../UniversalLoginModule.java)	(revision 43dfd9f833c87c58f4dc4a61f386b6c2cf961720)
+++ lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java	(.../UniversalLoginModule.java)	(revision 20ce199831888b996374f8873220db09b375a74c)
@@ -59,6 +59,7 @@
 import org.lamsfoundation.lams.usermanagement.service.UserManagementService;
 import org.lamsfoundation.lams.util.Configuration;
 import org.lamsfoundation.lams.util.ConfigurationKeys;
+import org.lamsfoundation.lams.util.HashUtil;
 import org.lamsfoundation.lams.web.session.SessionManager;
 import org.lamsfoundation.lams.web.util.AttributeNames;
 import org.lamsfoundation.lams.web.util.HttpSessionManager;
@@ -150,6 +151,11 @@
 						user = service.getUserByLogin(username);
 					} else if (AuthenticationMethodType.LAMS.equals(type)) {
 						DatabaseAuthenticator authenticator = new DatabaseAuthenticator(dsJndiName, principalsQuery);
+						// if the password is not encrypted when sent from the jsp (e.g. when it is passed
+						// unencrypted to say, ldap) then encrypt it here when authenticating against local db
+						if (!Configuration.getAsBoolean(ConfigurationKeys.LDAP_ENCRYPT_PASSWORD_FROM_BROWSER)) {
+							inputPassword = HashUtil.sha1(inputPassword);
+						}
 						isValid = authenticator.authenticate(username,inputPassword);
 					} else if (AuthenticationMethodType.WEB_AUTH.equals(type)) {
 						WebAuthAuthenticator authenticator = new WebAuthAuthenticator();
Index: lams_central/web/login.jsp
===================================================================
diff -u -r64938df458cbab9999f9a826ef2902d061648d7d -r20ce199831888b996374f8873220db09b375a74c
--- lams_central/web/login.jsp	(.../login.jsp)	(revision 64938df458cbab9999f9a826ef2902d061648d7d)
+++ lams_central/web/login.jsp	(.../login.jsp)	(revision 20ce199831888b996374f8873220db09b375a74c)
@@ -32,6 +32,7 @@
 flash is searching for this string, so leave it!:
 j_security_login_page
 -->
+<c:set var="encrypt"><%= Configuration.getAsBoolean(ConfigurationKeys.LDAP_ENCRYPT_PASSWORD_FROM_BROWSER) %></c:set>
 <lams:head>
 	<title><fmt:message key="title.login.window"/></title>
 	<lams:css  style="core"/>
@@ -46,8 +47,10 @@
 	<script language="JavaScript" type="text/javascript" src="includes/javascript/sha1.js"></script>
 	<script>
 		function submitForm(){
-			  var password=document.loginForm.j_password.value;	 
+			  var password=document.loginForm.j_password.value;
+			  <c:if test="${encrypt eq 'true'}">
 			  document.loginForm.j_password.value=hex_sha1(password);
+			  </c:if>
 			  document.loginForm.submit();
 		}
 		
Index: lams_common/db/sql/insert_lams_unix_config_data.sql
===================================================================
diff -u -r43dfd9f833c87c58f4dc4a61f386b6c2cf961720 -r20ce199831888b996374f8873220db09b375a74c
--- lams_common/db/sql/insert_lams_unix_config_data.sql	(.../insert_lams_unix_config_data.sql)	(revision 43dfd9f833c87c58f4dc4a61f386b6c2cf961720)
+++ lams_common/db/sql/insert_lams_unix_config_data.sql	(.../insert_lams_unix_config_data.sql)	(revision 20ce199831888b996374f8873220db09b375a74c)
@@ -56,4 +56,5 @@
 insert into lams_configuration (config_key, config_value) values ('LDAPGroupManagerMap','Principal');
 insert into lams_configuration (config_key, config_value) values ('LDAPUpdateOnLogin', 'true');
 insert into lams_configuration (config_key, config_value) values ('LDAPOrgField', 'code');
-insert into lams_configuration (config_key, config_value) values ('LDAPOnlyOneOrg', 'true');
\ No newline at end of file
+insert into lams_configuration (config_key, config_value) values ('LDAPOnlyOneOrg', 'true');
+insert into lams_configuration (config_key, config_value) values ('LDAPEncryptPasswordFromBrowser', 'false');
\ No newline at end of file
Index: lams_common/db/sql/insert_lams_windows_config_data.sql
===================================================================
diff -u -r43dfd9f833c87c58f4dc4a61f386b6c2cf961720 -r20ce199831888b996374f8873220db09b375a74c
--- lams_common/db/sql/insert_lams_windows_config_data.sql	(.../insert_lams_windows_config_data.sql)	(revision 43dfd9f833c87c58f4dc4a61f386b6c2cf961720)
+++ lams_common/db/sql/insert_lams_windows_config_data.sql	(.../insert_lams_windows_config_data.sql)	(revision 20ce199831888b996374f8873220db09b375a74c)
@@ -56,4 +56,5 @@
 insert into lams_configuration (config_key, config_value) values ('LDAPGroupManagerMap','Principal');
 insert into lams_configuration (config_key, config_value) values ('LDAPUpdateOnLogin', 'true');
 insert into lams_configuration (config_key, config_value) values ('LDAPOrgField', 'code');
-insert into lams_configuration (config_key, config_value) values ('LDAPOnlyOneOrg', 'true');
\ No newline at end of file
+insert into lams_configuration (config_key, config_value) values ('LDAPOnlyOneOrg', 'true');
+insert into lams_configuration (config_key, config_value) values ('LDAPEncryptPasswordFromBrowser', 'false');
\ No newline at end of file
Index: lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java
===================================================================
diff -u -r43dfd9f833c87c58f4dc4a61f386b6c2cf961720 -r20ce199831888b996374f8873220db09b375a74c
--- lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java	(.../ConfigurationKeys.java)	(revision 43dfd9f833c87c58f4dc4a61f386b6c2cf961720)
+++ lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java	(.../ConfigurationKeys.java)	(revision 20ce199831888b996374f8873220db09b375a74c)
@@ -184,4 +184,6 @@
 	public static String LDAP_ORG_FIELD = "LDAPOrgField";
 	
 	public static String LDAP_ONLY_ONE_ORG = "LDAPOnlyOneOrg";
+	
+	public static String LDAP_ENCRYPT_PASSWORD_FROM_BROWSER = "LDAPEncryptPasswordFromBrowser";
 }
\ No newline at end of file