Instead of simple bind, use SASL to provide some degree of data encryption out of the box.

      MSDN lists various mechanisms that AD supports, and it includes DIGEST-MD5, which works with plain text password Jenkins has received from the browser (via the login form.) SASL is supported by JNDI LDAP implementation so activating it should be very simple.

          [JENKINS-20733] SASL authentication with Active Directory

          One of the reasons people want JENKINS-3730 is to avoid plain text password on the network caused by simple bind. This will prevent that.

          Kohsuke Kawaguchi added a comment - One of the reasons people want JENKINS-3730 is to avoid plain text password on the network caused by simple bind. This will prevent that.

          JENKINS-15847 indicates that maybe this is also useful for LDAP plugin.

          Kohsuke Kawaguchi added a comment - JENKINS-15847 indicates that maybe this is also useful for LDAP plugin.

            Unassigned Unassigned
            kohsuke Kohsuke Kawaguchi
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: