Hello folks,

I installed osTicket 1.15.3 with the "LDAP Authentication and Lookup" plugin enabled to authenticate users against our local AD. Although I enabled TLS (in the plugin settings), the connection to my server (at port 389) is completely plain text (including passwords). I can state this based on a corresponding network capture.

Can someone give me any advice on this behaviour?

Thanks a lot,
mscd

@mscd

From what I've read online, 389 is plain text. You will need to configure LDAP over SSL on Port 636.

Cheers.

The plugin option is labeled "TLS" (NOT SSL!) ... we have been using STARTTLS (on port 389) for encrypted LDAP queries for years in conjunction with our homepage CMS.

@mscd

I'm not familiar with LDAP specifically, but from every article I've read, even though you are using 389 w/ TLS it will still use plain-text. The only way to get encryption is by using SSL on 636. You can read the posts below:

There might be another way to use TLS and have encryption but as I mentioned above, I'm no LDAP expert and as far as I can read I don't see how.

Cheers.
