How to enable SASL with LDAP authentication?

Hi, according to the documentation I should be able to use SASL with LDAP. Alas, the respective option doesn’t appear to be documented.

Quote (emphasis mine):

You should disable anonymous LDAP authentication and enable simple or SASL authentication.

Checking with tcpdump, I can see that encryption: 'plain' means exactly that and that the credentials go over the wire unencrypted to the LDAP server. Using ldapsearch, I can see that SASL works fine on port 389 of the same server.

According to this documentation we can see three types for encryption documented:

  encryption: 'plain' # "start_tls" or "simple_tls" or "plain"

… so going back to the first referenced piece of documentation, how do I enable SASL?

Thanks.

PS: the use of omniauth also suggests that this should be possible.
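
Added example, not part of the original post or of any project's code: the tcpdump observation above comes down to which AuthenticationChoice the client puts in its LDAP BindRequest (RFC 4511), and this sketch classifies a captured request as simple or SASL without returning the secret. The function names and both sample messages are constructed for illustration, and it assumes the payload holds one complete LDAPMessage from an unencrypted connection.

```python
# Added example: classify LDAP BindRequests (RFC 4511) seen on port 389.
# Function names and the sample messages are constructed for illustration.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n octets hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(payload):
    """Report how a BindRequest authenticates; the secret itself is never returned."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:                        # LDAPMessage is a SEQUENCE
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)           # messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x60:                        # [APPLICATION 0] = BindRequest
        return None
    _, _, pos = read_tlv(op, 0)            # version
    _, name, pos = read_tlv(op, pos)       # bind DN
    tag, auth, _ = read_tlv(op, pos)       # AuthenticationChoice
    result = {"dn": name.decode("utf-8", "replace"), "mechanism": None}
    if tag == 0x80:                        # simple [0]: the password is this field, as-is
        result["auth"] = "simple" if auth else "anonymous"
    elif tag == 0xA3:                      # sasl [3]: mechanism name, then credentials
        _, mech, _ = read_tlv(auth, 0)
        result["auth"] = "sasl"
        result["mechanism"] = mech.decode("ascii", "replace")
    else:
        result["auth"] = "unknown"
    return result

def tlv(tag, value):                       # helper to build the constructed samples
    return bytes([tag, len(value)]) + value

SIMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
             + tlv(0x04, b"cn=gitlab,dc=example,dc=com") + tlv(0x80, b"constructed-secret")))
SASL = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x60, tlv(0x02, b"\x03")
           + tlv(0x04, b"") + tlv(0xA3, tlv(0x04, b"GSSAPI") + tlv(0x04, b"\x00\x01"))))

if __name__ == "__main__":
    for sample in (SIMPLE, SASL):
        print(classify_bind(sample))
```

A result of "sasl" alone does not mean the secret is protected: the SASL PLAIN mechanism still carries the password as-is, so check the mechanism field as well.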