On Tue, 2010-02-09 at 18:08 +0000, Joseph L. Casale wrote: > >This looks like the way to go, I don't like the username /pass stored in plain text but maybe if I create a special group that doesn't really have any privileges this would work, geez AD is just plain bad...lol, Thanks. > > I guess you think insecure would be better? If I understand your need, you want > to make AD insecure, so please enable anonymous binds so you don't need a user/pass > to make the query:) > > Or program your own auth backend that binds with the intended creds asking for auth:) > Oh, and do this w/o tls/ssl because you want it insecure:) ---- seems to me that permitting an anonymous bind to LDAP is inherently more secure than requiring a user/password combination so I don't think that your explanation is exactly true. In Microsoft's view, the only systems querying LDAP would be systems automatically passing the authentication. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.