On Tue, 2010-02-09 at 14:21 -0700, Craig White wrote:
On Tue, 2010-02-09 at 18:08 +0000, Joseph L. Casale wrote:
This looks like the way to go, I don't like the username /pass stored in plain text but maybe if I create a special group that doesn't really have any privileges this would work, geez AD is just plain bad...lol, Thanks.
I guess you think insecure would be better? If I understand your need, you want to make AD insecure, so please enable anonymous binds so you don't need a user/pass to make the query:)
Or program your own auth backend that binds with the intended creds asking for auth:) Oh, and do this w/o tls/ssl because you want it insecure:)
seems to me that permitting an anonymous bind to LDAP is inherently more secure than requiring a user/password combination so I don't think that your explanation is exactly true. In Microsoft's view, the only systems querying LDAP would be systems automatically passing the authentication.
Craig
----
Yes it is true, you have to have that for it to work correctly.
John