Is LDAP (AD) binding a plain-text transfer?

I configured Openfire to authenticate against Active Directory as described in the documentation, but my network analyser shows that during the binding process the login and password are transferred over the network as plain text. How can I fix it?

You can set it to use SSL. See my attachment below.

I’m not an LDAP pro, but it is strange that some kind of TLS is not used on the default port. And it is the default setup which is recommended in the documentation…

With SSL: I tried it, but I got an SSL handshake error. I’m not sure whether it is specific to my AD setup or to Openfire.

Correction: I’ve downloaded Apache Directory Studio and I have the same problem. So it looks like it is not an Openfire issue. But it would be nice to mention the plain-text issue in the documentation anyway.

LDAP over port 389 is plaintext. This is not Openfire; it is following the LDAP standards (this applies to AD). Secure LDAP is port 636 and is also an LDAP standard. Openfire works with either, and I am using it in secure mode with Active Directory.

I think port 389 can be used with StartTLS. For example, the XMPP protocol can be used with an alternative port and SSL, or the standard port with StartTLS.

The standard port can still be secure even though SSL is not used.

You can think it all you like, it still won’t make it work!! Active Directory LDAP over port 389 is clear text. Over port 636 it is SSL, if you have an SSL cert installed on your server.

Here’s the Microsoft Doc.

Ok, you are right about StartTLS. But Digest can still be used to avoid transferring the password in plain text. I managed to connect with MD5 digest in Apache Directory Studio.
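To make the two claims in this thread concrete (a simple bind on port 389 carries the password verbatim; a SASL DIGEST-MD5 bind does not), here is an added example that is not part of the original thread and is not Openfire code. It is a minimal BER decoder for the LDAPv3 BindRequest PDU (RFC 4511) run over two constructed packets that mimic what a network analyser would see: a simple bind by a hypothetical Openfire service account, and the second step of a DIGEST-MD5 bind computed per RFC 2831. The bind DN, password, realm, nonce and cnonce values are all made up for the example; only the standard library is used.

```python
from dataclasses import dataclass
from hashlib import md5
from typing import Optional

# BER tags used by the LDAPv3 BindRequest (RFC 4511, section 4.2)
TAG_SEQUENCE = 0x30
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
TAG_AUTH_SIMPLE = 0x80    # AuthenticationChoice: simple [0] OCTET STRING
TAG_AUTH_SASL = 0xA3      # AuthenticationChoice: sasl [3] SaslCredentials


def _encode_length(n: int) -> bytes:
    """BER length: short form below 128 bytes, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _encode_length(len(value)) + value


def _read_tlv(buf: bytes, pos: int):
    """Decode one TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def build_bind(msg_id: int, name: str, auth: bytes) -> bytes:
    """Wrap an AuthenticationChoice into a complete LDAPMessage(BindRequest)."""
    body = tlv(TAG_INTEGER, b"\x03") + tlv(TAG_OCTET_STRING, name.encode()) + auth
    return tlv(TAG_SEQUENCE, tlv(TAG_INTEGER, bytes([msg_id])) + tlv(TAG_BIND_REQUEST, body))


def build_simple_bind(msg_id: int, name: str, password: str) -> bytes:
    return build_bind(msg_id, name, tlv(TAG_AUTH_SIMPLE, password.encode()))


def build_sasl_bind(msg_id: int, mechanism: str, credentials: bytes = b"") -> bytes:
    sasl = tlv(TAG_OCTET_STRING, mechanism.encode())
    if credentials:
        sasl += tlv(TAG_OCTET_STRING, credentials)
    return build_bind(msg_id, "", tlv(TAG_AUTH_SASL, sasl))  # name is empty for SASL binds


def digest_md5_response(user, realm, password, nonce, cnonce, nc, qop, digest_uri) -> str:
    """Client 'response' field of RFC 2831 DIGEST-MD5 (qop=auth, no authzid)."""
    a1 = md5(f"{user}:{realm}:{password}".encode()).digest() + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    return md5(f"{md5(a1).hexdigest()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hexdigest()}".encode()).hexdigest()


@dataclass
class BindRequest:
    message_id: int
    name: str
    auth: str                  # "simple" or "sasl"
    password: Optional[str]    # cleartext password, present only for simple binds
    mechanism: Optional[str]   # SASL mechanism, present only for SASL binds


def parse_bind_request(packet: bytes) -> BindRequest:
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, body, _ = _read_tlv(msg, pos)
    if tag != TAG_BIND_REQUEST:
        raise ValueError("protocolOp is not a BindRequest")
    _, _version, pos = _read_tlv(body, 0)
    _, name, pos = _read_tlv(body, pos)
    tag, auth, _ = _read_tlv(body, pos)
    message_id = int.from_bytes(mid, "big")
    if tag == TAG_AUTH_SIMPLE:
        return BindRequest(message_id, name.decode(), "simple", auth.decode(), None)
    if tag == TAG_AUTH_SASL:
        _, mech, _ = _read_tlv(auth, 0)
        return BindRequest(message_id, name.decode(), "sasl", None, mech.decode())
    raise ValueError(f"unknown AuthenticationChoice tag 0x{tag:02x}")


# Constructed sample traffic (not a real capture): a made-up Openfire service account.
BIND_DN = "CN=openfire,OU=Service Accounts,DC=example,DC=local"
PASSWORD = "Secret123!"
SIMPLE_BIND = build_simple_bind(1, BIND_DN, PASSWORD)

# DIGEST-MD5 second step: the client answers a (constructed) server challenge.
NONCE, CNONCE = "d4f1a2b3c4d5e6f7", "9a8b7c6d5e4f3a2b"
RESPONSE = digest_md5_response("openfire", "example.local", PASSWORD, NONCE, CNONCE,
                               "00000001", "auth", "ldap/dc01.example.local")
SASL_BIND = build_sasl_bind(2, "DIGEST-MD5", (
    f'username="openfire",realm="example.local",nonce="{NONCE}",cnonce="{CNONCE}",'
    f'nc=00000001,qop=auth,digest-uri="ldap/dc01.example.local",response={RESPONSE}'
).encode())


def password_on_wire(packet: bytes) -> Optional[str]:
    """What a sniffer on port 389 learns: the password for simple binds, nothing for SASL."""
    return parse_bind_request(packet).password


if __name__ == "__main__":
    for label, pkt in (("simple", SIMPLE_BIND), ("DIGEST-MD5", SASL_BIND)):
        print(f"{label:10} {parse_bind_request(pkt)}  password visible: {password_on_wire(pkt)!r}")
```

Running it shows the simple bind's password as a literal octet string inside the PDU, while the DIGEST-MD5 packet carries only a nonce-bound hash. The caveat a practitioner should keep in mind: DIGEST-MD5 protects the bind credentials from passive capture, but everything after the bind is still cleartext unless a SASL security layer is negotiated, and the digest itself is only as strong as the password against offline guessing, so LDAPS on 636 (or StartTLS where the directory supports it) remains the proper fix.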

Hi all,

I also can’t connect to Apache Directory with Openfire. Is there anyone who can help me?