AnsweredAssumed Answered

Alfresco LDAP-AD Questions

Question asked by sab on Nov 11, 2014
Latest reply on Nov 23, 2014 by sab
Hi,

I have some questions i hope someone can answer.

First, i have 2 Microsoft Active Servers running 2008 on my main network.

I also have a separate network with 1 test server: Microsoft Active Server 2008 DC and 1 test server running Ubuntu 14, joined to the test domain using Centrify software and Alfresco 5 installed.
http://www.centrify.com/express/free-active-directory-authentication-for-unix-linux.asp#agents

All is OK
I then followed these instructions to get Alfresco to use users in Active Directory: (i used these instructions as it looked easy)
http://andoylang.wordpress.com/2010/07/18/alfresco-with-active-directory/

Surprisingly, it worked first time!

Now my question is:

ldap.authentication.java.naming.security.authentication=simple
Does this mean all users passwords are being sent over the network in plain text?? Could a user vacuum it using wire-shark?

ldap.authentication.java.naming.provider.url=ldap://<Your.AD.Server.IP.Address>:389
Again, port 389, for plain text passwords?

So, i could setup the following Alfresco server on my main network, but i am concerned having passwords sent in plain text. I don't think that's a good idea. Is the only way to stop this is to try Kerberos instead of LDAP-AD?

I have more questions, but should deal with this first.

Thanks

Outcomes