LDAPS should not be an advanced setting

Description

When authenticating using ldap, a simple bind is used.  This exposes the admin dn (account used to search ldap), and users username and password. 

I was able to confirm this while running wireshark on the ldap server that openfire authenticates with.

This can be mitigated by using ldaps and starttls.

Environment

None
Fixed
Your pinned fields
Click on the next to a field label to start pinning.

Assignee

Greg Thomas

Reporter

speedy