Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1554
  • Last Modified:

Google Apps Directory Sync LDAP port 389

I'm configuring Google Apps Directory Sync and forward port 389 to my Active Directory server.

It works. But is this a security risk?

If yes, what are the steps/requirements for using LDAP+SSL for the connection?

0
TANGLAD
Asked:
TANGLAD
  • 3
  • 3
1 Solution
 
Paul TozerCommented:
The issue would be that the password is sent as plain text so a packet sniffer could potentially get the password. Depending on how much priviliges you give the account used to read the LDAP, could be a security risk.

See http://support.microsoft.com/kb/321051 if you want to change your LDAP to use SSL, plus change your connection on Directory Sync to use port 636 instead of 389

Personally mine is set to use 389, and as our domain controller has outbound internet access I run the directory sync from it, negating the issue.
0
 
TANGLADAuthor Commented:
I run the directory sync on the domain controller as well and I have forwarded port 389 to the dc.
Is that a risk?
0
 
Paul TozerCommented:
how do you mean you have forwarded port 389 on the dc.

all you need to do is set it as attached image, changing your base DN and authorised user

I can't see any security risk as it is done locally (so no network sniffing), and port 389 is open anyhow
Untitled.png
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
TANGLADAuthor Commented:
I did the forward in the firewall
0
 
Paul TozerCommented:
Don't do that, there is no need. That is a security risk

The directory sync reads the LDAP details locally and then uploads the information to Google/Postini through HTTP/S
0
 
TANGLADAuthor Commented:
Great. Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now