Hi All,
So I have set up PrivacyIDEA and LDAPProxy talking to my Active Directory for authentication. Everything looks to be working just how I want, which is great.
Now I am trying to make everything secure within reason. Please note that LdapProxy and PrivacyIdea are on the same server.
Setup
LDAP Client ==> LdapProxy + PrivacyIDEA ==> Active directory.
I can see a few areas where security needs to be improved.
LdapProxy - AD lookups.
LdapProxy - PrivacyIdea
PrivacyIdea - AD
LdapProxy plain text password.
LdapProxy - AD
Well, this should be using SLdap with a certificate. Yet if it's only doing a name lookup, I don’t see this as a major problem. If it's doing a name lookup and password check, then yes, it needs to be secure. Does anyone know if this is just a name lookup?
LdapProxy - PrivacyIdea.
As this is on the same server, using a secure connection would be great, but I don’t see it as a major security issue. Anyone have a comment on this?
PrivacyIdea - AD
I already have this working with Ldap and then encryption. It is also using NTLM. So I believe this is as secure as it needs to be. If this is used for the password and OTP authentication, then I don’t need to worry too much about the LdapProxy - AD. Can anyone confirm that PrivacyIdea processes both the password and OTP?
LDAPProxy Clear text password.
In the configuration file of LdapProxy I have had to create an authentication account. This required a standard user account with a password. Does anyone know how to set this up without needing a clear text password?
Thanks for all your help.
Craig