Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-1929

LDAPS should not be an advanced setting

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.5.0
    • Component/s: LDAP
    • Labels:
      None

      Description

      When authenticating using ldap, a simple bind is used.  This exposes the admin dn (account used to search ldap), and users username and password. 

      I was able to confirm this while running wireshark on the ldap server that openfire authenticates with.

      This can be mitigated by using ldaps and starttls.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              gdt Greg Thomas
              Reporter:
              speedy speedy
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: