On Tue, 2010-02-09 at 14:21 -0700, Craig White wrote:
> On Tue, 2010-02-09 at 18:08 +0000, Joseph L. Casale wrote:
> > >This looks like the way to go, I don't like the username /pass stored in plain text but maybe if I create a special group that doesn't really have any privileges this would work, geez AD is just plain bad...lol, Thanks.
> > I guess you think insecure would be better? If I understand your need, you want
> > to make AD insecure, so please enable anonymous binds so you don't need a user/pass
> > to make the query
> > Or program your own auth backend that binds with the intended creds asking for auth
> > Oh, and do this w/o tls/ssl because you want it insecure
> seems to me that permitting an anonymous bind to LDAP is inherently more
> secure than requiring a user/password combination so I don't think that
> your explanation is exactly true. In Microsoft's view, the only systems
> querying LDAP would be systems automatically passing the authentication.
Yes it is true, you have to have that for it to work correctly.
CentOS mailing list