powered by Jive Software

Support connection to Active Directory with Negotiation

I have to connect to an AD LDAP via port 389 but with extended binding (SASL NEGOTIATE), port 636 (SSL) is not enabled.

Other servers support that mechanism.

LDP.exe tells me:

supportedSASLMechanisms (4): GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;

I can’t get that to work, openfire tries to open an unencrypted session instead, which would leak passwords.

Any hints on that?