Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

LDAPS should not be an advanced setting

Description

When authenticating using ldap, a simple bind is used.  This exposes the admin dn (account used to search ldap), and users username and password. 

I was able to confirm this while running wireshark on the ldap server that openfire authenticates with.

This can be mitigated by using ldaps and starttls.

Environment

None

Activity

Show:
Guus der Kinderen
changed the StatusNovember 22, 2019 at 7:44 PM
In Progress
Resolved
Guus der Kinderen
updated the ResolutionNovember 22, 2019 at 7:44 PM
None
Fixed
Greg Thomas
updated the Fix versionsNovember 22, 2019 at 3:34 PM
None
4.5.0
Greg Thomas
changed the StatusNovember 22, 2019 at 3:33 PM
Open
In Progress
Greg Thomas
changed the AssigneeNovember 22, 2019 at 3:33 PM
Guus der Kinderen
Greg Thomas
Greg Thomas
updated the Issue TypeNovember 22, 2019 at 10:48 AM
Bug
Improvement
Greg Thomas
updated the Linked IssuesNovember 22, 2019 at 10:48 AM
None
This issue is related to OF-1920
Greg Thomas
created the IssueNovember 22, 2019 at 10:47 AM
Fixed

Details

Assignee

Reporter

Components

Fix versions

Priority

Created November 22, 2019 at 10:47 AM
Updated November 22, 2019 at 7:44 PM
Resolved November 22, 2019 at 7:44 PM

Flag notifications