Postby crrobinson14 » Wed Jun 02, 2004 10:07 am
The built-in LDAP server doesn't appear to require any authentication before it may be queried. I'm not talking about TLS or similar, but even requiring a password to execute a query. Should we simply disable the internal LDAP server and deploy an OpenLDAP environment, or is there a way to secure the internal LDAP server? The internal arrangement would be nice for small sites that don't have extensive directory requirements, since you'd only have to add the user in one location...