threerings / openvpn-auth-ldap

Implements username/password authentication via LDAP for OpenVPN 2.x.

sends password in cleartext before STARTTLS when binding #28

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Configure openvpn-auth-ldap to connect to an LDAP server with TLS enabled
2. Connect to openvpn
3. Run tcpdump -A -s 0 -n -i br0 port 389 on the ldap server

You will see that the bind-DN and password are transmitted in cleartext.

What is the expected output? What do you see instead?

The plugin sends the bind-DN and password in cleartext. The plugin should not bind to a TLS-enabled LDAP server until STARTTLS is issued.

What version of the product are you using? On what operating system?

2.0.3 on Debian squeeze

Please provide any additional information below.

This bug is listed on the Debian bug tracker, and someone has posted a patch that fixes the problem: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610339

Original issue reported on code.google.com by pdwerryh...@gmail.com on 30 Sep 2011 at 11:16
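The tcpdump check in step 3 can be made mechanical. The following is an added example, not code from the issue or from openvpn-auth-ldap: a minimal BER walker over the client-to-server side of a port 389 stream that reports a simple bind sent before the STARTTLS extended request. The sample messages are constructed inline; the tag values follow RFC 4511.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # RFC 4511 StartTLS extended operation
def read_tlv(buf, pos):
    """Decode one BER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long-form length: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_messages(stream):
    """Yield (kind, detail) for each LDAPMessage in a client->server byte stream."""
    pos = 0
    while pos < len(stream):
        _, msg, pos = read_tlv(stream, pos)     # LDAPMessage ::= SEQUENCE
        _, _, p = read_tlv(msg, 0)              # messageID INTEGER
        op_tag, op, _ = read_tlv(msg, p)        # protocolOp CHOICE
        if op_tag == 0x60:                      # BindRequest [APPLICATION 0]
            _, _, p = read_tlv(op, 0)           # version INTEGER
            _, dn, p = read_tlv(op, p)          # name LDAPDN
            auth_tag, cred, _ = read_tlv(op, p) # authentication: simple [0] or sasl [3]
            yield ("bind-simple" if auth_tag == 0x80 else "bind-sasl"), (dn.decode(), cred)
        elif op_tag == 0x77:                    # ExtendedRequest [APPLICATION 23]
            _, oid, _ = read_tlv(op, 0)         # requestName [0] LDAPOID
            yield "extended", oid
        else:
            yield "other", op_tag

def cleartext_bind_dn(stream):
    """Return the DN of a simple bind seen before STARTTLS (the issue's symptom), else None."""
    for kind, detail in parse_messages(stream):
        if kind == "extended" and detail == STARTTLS_OID:
            return None                         # TLS negotiated first; the bind travels encrypted
        if kind == "bind-simple" and detail[1]:
            return detail[0]
    return None

def tlv(tag, value):
    return bytes([tag, len(value)]) + value     # short-form length suffices (< 128 bytes)

def bind_request(msg_id, dn, password):
    op = tlv(0x02, b"\x03") + tlv(0x04, dn) + tlv(0x80, password)
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def starttls_request(msg_id):
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

# Constructed sample streams (not real captures): after a proper STARTTLS the bind rides inside TLS records, so only the ExtendedRequest is visible in plaintext.
BUGGY = bind_request(1, b"cn=vpn,dc=example,dc=com", b"hunter2") + starttls_request(2)
FIXED = starttls_request(1)
```

An anonymous bind (empty simple credentials) is not flagged, since it discloses no secret.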

GoogleCodeExporter commented 9 years ago
Incidentally, the patch also fixes the problem where openvpn-auth-ldap wouldn't 
connect to LDAPS servers.

Original comment by pdwerryh...@gmail.com on 30 Sep 2011 at 11:20

GoogleCodeExporter commented 9 years ago
issue 19 is a dupe of this one (or the other way around ;-)

Original comment by thilo.ba...@gmail.com on 15 Nov 2011 at 8:34

GoogleCodeExporter commented 9 years ago
Fixed as part of issue #19. Thanks!

Original comment by landon.j.fuller@gmail.com on 25 Feb 2012 at 11:08