B
Bill Dennen
Some background:
I am using Entourage to connect to our Exchange server. Mail and
calendar work fine.
For directory services, I am using our company's regular LDAP server.
This server does not require login or SSL. It uses port 389.
Connection to mail server is over SSL.
A couple of issues:
1) LDAP searches do not work. When I do attempt to do an LDAP search,
Entourage send my username and password in clear text to the LDAP
server (even though I have configured Entourage to not authenticate).
I verified this using tcpflow.
!!! Seems like a bug and a security hole.
2) I can add another LDAP entry to the Directory Servers, using the
same info as in the Exchange entry, and it works fine (no password is
sent over the wire.
Any ideas? I am most concerned about #1 because this is a security
problem. I'm not sure why Entourage is even sending the password,
because I have configured it to not log in.
Thanks-
Bill
I am using Entourage to connect to our Exchange server. Mail and
calendar work fine.
For directory services, I am using our company's regular LDAP server.
This server does not require login or SSL. It uses port 389.
Connection to mail server is over SSL.
A couple of issues:
1) LDAP searches do not work. When I do attempt to do an LDAP search,
Entourage send my username and password in clear text to the LDAP
server (even though I have configured Entourage to not authenticate).
I verified this using tcpflow.
!!! Seems like a bug and a security hole.
2) I can add another LDAP entry to the Directory Servers, using the
same info as in the Exchange entry, and it works fine (no password is
sent over the wire.
Any ideas? I am most concerned about #1 because this is a security
problem. I'm not sure why Entourage is even sending the password,
because I have configured it to not log in.
Thanks-
Bill