Openfire 4.1
Spark 2.8.0
I am using LDAP authentication to bring in users and groups from my Active Directory. I’ve just had a nessus scan and I have a finding:
"The remote Extensible Messaging and Presence Protocol (XMPP) service
supports one or more authentication mechanisms that allow credentials
to be sent in the clear.
The proposed solution:
Disable cleartext authentication mechanisms in the XMPP configuration.
However, I’ve read in another posting that doing so will kill my LDAP authentication with Active Directory. Is this true, and if so; do you have any suggestions how I bring the install ‘compliant’ and still use AD as my source and authenticator?
Thanks,
Rich