Index: lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java
===================================================================
RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java,v
diff -u -r1.14.2.2 -r1.14.2.3
--- lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java 25 Sep 2007 07:21:31 -0000 1.14.2.2
+++ lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java 4 Oct 2007 00:17:20 -0000 1.14.2.3
@@ -150,9 +150,16 @@
 // if the password is not encrypted when sent from the jsp (e.g. when it is passed
 // unencrypted to say, ldap) then encrypt it here when authenticating against local db
 if (!Configuration.getAsBoolean(ConfigurationKeys.LDAP_ENCRYPT_PASSWORD_FROM_BROWSER)) {
- inputPassword = HashUtil.sha1(inputPassword);
+ // try the passed in password first, LoginRequestServlet always passes in encrypted
+ // passwords
+ isValid = authenticator.authenticate(username,inputPassword);
+ if (!isValid) {
+ inputPassword = HashUtil.sha1(inputPassword);
+ }
+ isValid = authenticator.authenticate(username,inputPassword);
+ } else {
+ isValid = authenticator.authenticate(username,inputPassword);
 }
- isValid = authenticator.authenticate(username,inputPassword);
 } else if (AuthenticationMethodType.WEB_AUTH.equals(type)) {
 WebAuthAuthenticator authenticator = new WebAuthAuthenticator();
 isValid = authenticator.authenticate(username,inputPassword);
Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java,v
diff -u -r1.3.2.8 -r1.3.2.9
--- lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java 28 Sep 2007 01:35:23 -0000 1.3.2.8
+++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java 4 Oct 2007 00:17:19 -0000 1.3.2.9
@@ -47,6 +47,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
+import org.lamsfoundation.lams.integration.security.RandomPasswordGenerator;
 import org.lamsfoundation.lams.usermanagement.AuthenticationMethod;
 import org.lamsfoundation.lams.usermanagement.Organisation;
 import org.lamsfoundation.lams.usermanagement.OrganisationState;
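Review bot: Trying the submitted value unhashed first, in the `!LDAP_ENCRYPT_PASSWORD_FROM_BROWSER` branch, means that whatever `authenticator.authenticate` compares against (presumably the stored SHA-1 digest, since the old code hashed before calling it) is now accepted as a password from every caller of this module, not only from LoginRequestServlet; a disclosed password column would then be usable at login as-is. It would be safer for the caller to state explicitly whether the value is already hashed than to guess by trying both forms. Separately, the second `authenticate` call runs even when the first one already succeeded, so every attempt is checked twice; moving it inside the guard, `if (!isValid) { isValid = authenticator.authenticate(username, HashUtil.sha1(inputPassword)); }`, avoids the redundant call. The enclosing method starts and ends outside this hunk, so how `isValid` is used afterwards is not visible here.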
@@ -58,6 +59,7 @@
 import org.lamsfoundation.lams.usermanagement.dto.BulkUpdateResultDTO;
 import org.lamsfoundation.lams.util.Configuration;
 import org.lamsfoundation.lams.util.ConfigurationKeys;
+import org.lamsfoundation.lams.util.HashUtil;
 import org.lamsfoundation.lams.util.LanguageUtil;
 /**
@@ -143,7 +145,7 @@
 );
 }
 user.setLogin(map.get("login"));
- user.setPassword("dummy"); // password column is not-null
+ user.setPassword(HashUtil.sha1(RandomPasswordGenerator.nextPassword(10)));
 user.setFirstName(map.get("fname"));
 user.setLastName(map.get("lname"));
 user.setEmail(map.get("email"));
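Review bot: The new `setPassword` line drops the old `// password column is not-null` remark, so the reason an LDAP-provisioned user receives a local password at all is no longer stated; I would keep it as `// password column is not-null; store the hash of a random throwaway value so the account has no known local password`. Whether that value is actually unguessable depends on `RandomPasswordGenerator.nextPassword`, whose implementation is not shown here; it should draw from `java.security.SecureRandom` rather than `java.util.Random`, which is worth confirming. The enclosing method begins and ends outside the hunk.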