Authenticating Against Active Directory LDAP Question
I have a setup where I am authenticating against Win 2003 AD. Things are working. I am concerned about the security of the ldap transaction though. I am not using SSL (MS in its documentation discourages its use). Has anyone deployed SSL and/or SASL?
one of my concerns is that anyone can fo a ldapsearch and get get the attribute msSFU30Password (which I believe is is a user's password) and then do an offline attack.
Currently I am authenticating against the AD to perform queries by using a DN and password that is specified in /etc/ldap.conf.