On Tue, 2010-02-09 at 14:21 -0700, Craig White wrote: > On Tue, 2010-02-09 at 18:08 +0000, Joseph L. Casale wrote: > > >This looks like the way to go, I don't like the username /pass stored in plain text but maybe if I create a special group that doesn't really have any privileges this would work, geez AD is just plain bad...lol, Thanks. > > > > I guess you think insecure would be better? If I understand your need, you want > > to make AD insecure, so please enable anonymous binds so you don't need a user/pass > > to make the query:) > > > > Or program your own auth backend that binds with the intended creds asking for auth:) > > Oh, and do this w/o tls/ssl because you want it insecure:) > ---- > seems to me that permitting an anonymous bind to LDAP is inherently more > secure than requiring a user/password combination so I don't think that > your explanation is exactly true. In Microsoft's view, the only systems > querying LDAP would be systems automatically passing the authentication. > > Craig ---- Yes it is true, you have to have that for it to work correctly. John