I have an Apache server hosting a website with a protected directory. It is protected by basic authentication against a remote LDAP server (not on the same machine).
    <Location "/mywebapp/myprotected">
        AuthzLDAPAuthoritative on
        AuthType basic
        AuthName "Enter your credentials"
        AuthBasicProvider ldap
        # Search base, attribute matched against the entered username, scope and filter
        AuthLDAPURL "ldap://ldap.differentserver.org:3268/dc=company,dc=org?sAMAccountName?sub?(&(objectCategory=*)(objectClass=user))"
        Require valid-user
        # Service account Apache binds as to run the search
        AuthLDAPBindDN "cn=Adminaccount,OU=Service IDs,OU=Application IDs,OU=Support,OU=Administration,dc=company,dc=org"
        AuthLDAPBindPassword adminpassword
    </Location>
This setup is currently working. All connections are plain text.
What I don't understand is why I don't see my password in Wireshark when the Apache server interacts with ldap.differentserver.org. I see my password when I enter it in the popup dialog box on its way to the web server, but not from the web server to the LDAP server. I do see the AuthLDAPBindPassword.
In Wireshark, the only protocols I see are TCP, DNS, LDAP, HTML. I do not see any TLS protocol messages, so I'm assuming that the LDAP server is not stepping up to TLS.
I see the LDAP search message on my username in plain text but my password doesn't seem to be in any of the messages.
The system IS working – I would just like an explanation of how LDAP is getting my normal user password because I don't see it.
Best Answer
I found it. It is encoded as hex bytes.