Active Directory Security

Currently all LDAP queries to Active Directory are being sent in plain text (including the password). I don't know if Active Directory supports SSL encryption for querying (port 686). Does anybody know if there is a way to secure these communications?

LDAP TCP Stream

0V…`Q…DCN=Username,OU=org_unit,DC=domain,DC=com…!!PASSWORDHERE!!0…a …

…0"…B…0…2.16.840.1.113730.3.4

I don't know if we've tested SSL with AD before. However, from the LDAP documentation in Jive Messenger:

ldap.sslEnabled – a value of “true” to enable SSL connections to your LDAP server. If you enable SSL connections, the LDAP server port number most likely should be changed to 636.

So, in the config file, that would be <sslEnabled>true</sslEnabled> (but in your existing ldap section).

Regards,

Matt

Yes, Active Directory does support this.

I found out that by installing a Root Certificate Authority on Active Directory, AD will enable SSL communications on port 636 for LDAP queries. Microsoft has an article on this.