MozillaZine

LDAP Server using admin password: Security Risk?

User Help for Mozilla Thunderbird
conrad9900
 
Posts: 14
Joined: February 22nd, 2017, 2:33 am

Post Posted January 17th, 2019, 5:13 am

I have set up an LDAP connection to our DC. However the connection requires administrator password.
Users can then browse the tools>security options to reveal our administrator password.
is there a way to setup address book LDAP without a password being stored?

tanstaafl
Moderator

User avatar
 
Posts: 44908
Joined: July 30th, 2003, 5:06 pm

Post Posted January 17th, 2019, 7:00 pm

I'd expect admin privileges only to be needed to edit the contents (via a browser). Is there any reason why you could not configure the LDAP server to also allow connections without a password for read-only access? My impression is that LDAP servers frequently support multiple "user store types" such as JDBC, read-only LDAP/Active Directory, read-write LDAP and read-write Active directory

conrad9900
 
Posts: 14
Joined: February 22nd, 2017, 2:33 am

Post Posted January 18th, 2019, 7:54 am

It will not allow me to access the LDAP without a password, when i try to search an email address it prompts instantly.
Have been trying multiple ways to do it without admin password being stored...no luck yet

tanstaafl
Moderator

User avatar
 
Posts: 44908
Joined: July 30th, 2003, 5:06 pm

Post Posted January 18th, 2019, 9:19 am

I am suggesting that you need to re-configure the LDAP server to offer an additional service. You currently have one that requires the admin password, that lets you do anything. I think you need to configure the LDAP server to offer another service which provides read-only access, with no password.

Return to Thunderbird Support


Who is online

Users browsing this forum: No registered users and 16 guests