osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now
LDAP Authentication and Lookup Plug in, sending unencrypted credentials
OK so, we are finally playing around with using the LDAP plug in for our agents. We set it up successfully, populating just the Active Directory section, Domain and DNS IP information. We did not configure any LDAP settings because eventually/soon they will be eliminating LDAP from our environment and using just Active Directory for authentication.
We very quickly got a message from our networking people that they received an alert: The alert condition for 'AD Unencrypted LDAP Binds' was triggered
Telling us that if we were setting up an application to use Active Directory, that we look into using TLS/SSL over port 636, and that we should change our passwords lol
There is a check mark in the LDAP section to "Use TLS", but does this only apply if you are configuring LDAP? Or is there another way to configure the plugin/osT to use TLS or SSL when sending our credentials from osTicket to the AD?
osTicket Version v1.10.1 (9ae093d) — Up to date
Web Server Software Microsoft-IIS/7.5
MySQL Version 5.7.17
PHP Version 5.6.24