On 12/09/2012 16:59, teoman.onay@degroof.be wrote:
Does this mean that the password is sent in the clear to the LDAP server and then hashed over there? It looks like a huge security flaw...
I wouldn't be so affirmative.
First, by externalising confidentiality support to the transport layer, you're building on a known and proven protocol, instead of reinventing the wheel.
Second, sending password hashes in cleartext wouldn't qualify as good security practice either...
I've used tcpdump and unfortunately my password appears in the clear... Does using it imply enabling TLS?
If you're concerned about the network traffic between your LDAP server and clients, absolutely. If they are both on a private, admin-only network, for instance, it would not be as necessary.
You can easily make encryption mandatory for accessing the password attribute (and other similarly sensitive ones) using ACLs. For instance:

    access to dn.subtree="dc=exemple,dc=comfr" attrs=userPassword
        by self ssf=56 write
        by anonymous ssf=56 auth
        by * none

It does not prevent an unsuspecting user from sending their password in cleartext, but it makes doing so useless, so it is far less likely to survive in a working configuration.
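To put the ACL above in context, here is a fuller slapd.conf fragment. It is an illustration added to this thread, not configuration posted by either participant; the certificate paths, host name and the base DN dc=example,dc=com are placeholders to be replaced with your own.

```conf
# slapd.conf fragment (added example; paths, host name and base DN are placeholders)

# Server-side TLS material. Without these, neither StartTLS nor ldaps:// is
# available, so no session can ever reach the SSF the rules below demand.
TLSCACertificateFile  /etc/ldap/ssl/ca.pem
TLSCertificateFile    /etc/ldap/ssl/ldap.example.com.crt
TLSCertificateKeyFile /etc/ldap/ssl/ldap.example.com.key

# Refuse simple (username/password) binds unless the session already has a
# security strength factor of at least 56, i.e. StartTLS or ldaps:// has been
# negotiated. This is enforced before any ACL is consulted, so a cleartext
# bind fails with confidentialityRequired (result code 13).
security simple_bind=56

# The same requirement at the attribute level: the password may only be
# written by its owner, or used for authentication ("auth" is the privilege
# a simple bind needs), over an encrypted session. Clauses are evaluated in
# order, so a cleartext session never matches the first two and falls
# through to "by * none".
access to dn.subtree="dc=example,dc=com" attrs=userPassword
    by self ssf=56 write
    by anonymous ssf=56 auth
    by * none

# Everything else in the tree stays readable without TLS (tighten as needed).
access to dn.subtree="dc=example,dc=com"
    by * read
```

To check the effect, bind once without TLS and once with it, using a placeholder user DN:

    ldapwhoami -x -H ldap://ldap.example.com -D "uid=alice,dc=example,dc=com" -W
    ldapwhoami -x -ZZ -H ldap://ldap.example.com -D "uid=alice,dc=example,dc=com" -W

The first should be refused (confidentiality required), the second should print the bound DN; "-ZZ" makes the client abort if StartTLS cannot be negotiated rather than silently continuing in the clear. Note the caveat from the post: the server rejecting the bind does not stop a misconfigured client from putting the password on the wire in the BindRequest; only the client's own setting (ldaps:// URIs or "-ZZ"/equivalent in the client library) prevents that.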