Admin console shows Active Directory Administrator password

Hello.

While in the Admin Console, if I select Server -> Server Manager -> System Properties, the Active Directory Administrator password is displayed.

For me, this is a security issue.

Is there a way to disable this?

Another question:

How and where is this password stored? Is it stored as plain text?

Thanks in advance for your comments.

Regards.

Yes it is.

It is stored in the database.

Yes in plain text.

This is supposed to be fixed in the next version of the server: http://www.igniterealtime.org/issues/browse/JM-1456

The ldap user account doesn’t require elevated privileges. You can use just a regular domain user account. In an attempt to make things a little more secure, I’ve restricted the account to only allow login to the DC that openfire looks at. Of course the user account isn’t a member of any other groups other than domain users. This prevents it from using RDP into the DC. I also denied the account any access to the few shares on that server.

And don’t forget to set the password on this bind user to Never Expire.

Thanks Todd Getz, speedy and Dwight Schrute for your comments. That’s a lot of help.

Regards.

  1. Make an OU in Active Directory called ServiceAccounts.
  2. Create a new account specific for locating users in your AD and put it in the ServiceAccounts OU.
  3. Add the new account to the “Domain Guests” group.
  4. Highlight Domain Guests, and click Make Primary Group.
  5. Remove the account from the Domain Users group.
  6. Set the path to CN=account you made, OU=ServiceAccounts, DC=domain, DC=com

Anyone can search your AD and get details from user accounts. This is why you should never put passwords in any of the fields within an AD user account. By making the search account a Domain Guest only, you're ensuring they can’t log on to any PCs or really do much of anything at all in your domain. I then use this account for all my OSS apps that need it for AD auth.
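The replies above describe two ways to limit what the stored bind password is worth: restricting where the account can log on and setting the password to never expire, and making Domain Guests its only group. As an added example (not posted by anyone in this thread), the PowerShell function below checks an account against those points. The function name, the sample account `svc-openfire-ldap` and the DC name `DC01` are assumptions, and the sample object is constructed so the script runs without a domain.

```powershell
# Added example: audit an LDAP bind account against the hardening described in this thread.
function Test-BindAccountHardening {
    param(
        [Parameter(Mandatory)] $Account,         # object shaped like Get-ADUser output
        [Parameter(Mandatory)] [string] $DcName  # the DC the chat server binds to (assumed name)
    )
    $findings = @()

    # MemberOf never lists the primary group, so both properties must be checked.
    $groups = @(@($Account.MemberOf) + @($Account.PrimaryGroup) | Where-Object { $_ })
    if ($Account.PrimaryGroup -notlike 'CN=Domain Guests,*') {
        $findings += "Primary group is not Domain Guests: $($Account.PrimaryGroup)"
    }
    if ($groups -like 'CN=Domain Users,*') {
        $findings += 'Account is still in Domain Users'
    }
    foreach ($g in ($groups -notlike 'CN=Domain Guests,*' -notlike 'CN=Domain Users,*')) {
        $findings += "Extra group membership: $g"
    }

    # LogonWorkstations is the "Log On To" list; empty means any computer is allowed.
    if ([string]::IsNullOrWhiteSpace($Account.LogonWorkstations)) {
        $findings += 'No "Log On To" restriction is set'
    } else {
        $extra = $Account.LogonWorkstations -split ',' | Where-Object { $_.Trim() -ne $DcName }
        if ($extra) { $findings += "Logon allowed on hosts other than ${DcName}: $($extra -join ', ')" }
    }

    # An expired password silently breaks the bind, as noted in the thread.
    if (-not $Account.PasswordNeverExpires) {
        $findings += 'Password is allowed to expire'
    }
    return $findings
}

# Constructed sample standing in for:
#   Get-ADUser svc-openfire-ldap -Properties PrimaryGroup,MemberOf,LogonWorkstations,PasswordNeverExpires
$sample = [pscustomobject]@{
    SamAccountName       = 'svc-openfire-ldap'
    PrimaryGroup         = 'CN=Domain Users,CN=Users,DC=domain,DC=com'
    MemberOf             = @('CN=Remote Desktop Users,CN=Builtin,DC=domain,DC=com')
    LogonWorkstations    = $null
    PasswordNeverExpires = $true
}
Test-BindAccountHardening -Account $sample -DcName 'DC01'
```

For the constructed sample the function reports four findings: the wrong primary group, Domain Users membership, the extra Remote Desktop Users group, and the missing "Log On To" restriction.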