I am having the same issue and the question is not about SSL. The question is about SASL. OpenFire appears to support using SASL with DIGEST-MD5 authentication from the clients, but there does not appear to be a way to configure it for the OpenFire to Active Directory connection. No matter what you do, it appears to attempt to establish the connection to Active Directory using simple, plain text, authentication.
For reasons that I won’t go into here, in my case, a certificate being on the server is not an option, so, securing the authentication through SSL is not an option, but digest authentication would fit the bill. In specific, the issue that I am working on at the moment is for the OpenFire server connection to enumerate users and groups, or to be able to get through the setup dialog for that matter.
I have spent the majority of the day looking into this issue and there ar number of other questions on this board attempting to resolve this issue as well. A number of answers have suggested SSL or to use Kerberos, but for those, and me, that is just simply not what we are trying to do.
I have have seen portions of the API that indicate that only plain text is currently available, but other seem to show that digest authentication should be available. Is there anyone who might be able to point us in the right direction of how to configure the OpenFire connection to Active Directory to use SASL w/DIGEST-MD5?
I am almost at the point of downloading the source code and laboring to find out if it is possible.