LDAP: How to prevent TeamCity from using cleartext passwords

Completed

We're currently evaluating TeamCity for our CI setup, and it will fit perfectly for us once we find a fix for the following issue:

 

We configured the LDAP synchronization to sync the accounts from our Windows AD to TeamCity using the Windows passwords. It also restricts access to TeamCity to a limited range of our AD users. But after we configured (and used) the LDAP sync, Microsoft ATA reports a cleartext exposure for each user who signed on recently and also for the user credentials which are required to enable the LDAP sync.

I've searched a lot to resolve this issue, but I didn't find anything. Is there anyone who has the same problem, or is there any good fix to prevent the cleartext password exposures?

 

Thanks for helping out!

David

1
2 comments

Hi David,

 

This is a known issue with our LDAP implementation. It can be solved for the most part by simply connecting to the AD server using LDAPS, but we have seen some instances where LDAPS is properly set up but a warning about it is still present. We have plans to migrate out of the current auth method into a supported one, but it's not implemented yet, so adding the LDAPS layer should at least secure the connection.

1

Hi Denis Lapuente - thanks for your fast response. After we switched over to LDAPS we didn't receive any more reports from Microsoft ATA.

0
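A way to check a TeamCity LDAP configuration for the condition discussed in this thread, added here as an example and not part of any of the posts above: it flags every server URL where a simple bind would go over plain `ldap://`. It assumes the connection is configured through the JNDI-style keys `java.naming.provider.url`, `java.naming.security.authentication` and `java.naming.security.protocol` in `ldap-config.properties`; the host names, account and file contents are constructed samples.

```python
from urllib.parse import urlsplit

# Constructed sample in the style of ldap-config.properties
# (host names, account and password are made up for this example).
SAMPLE_CLEARTEXT = """\
# LDAP sync settings
java.naming.provider.url=ldap://dc01.example.local:389/DC=example,DC=local ldaps://dc02.example.local:636/DC=example,DC=local
java.naming.security.authentication=simple
java.naming.security.principal=svc-teamcity@example.local
java.naming.security.credentials=placeholder
"""
SAMPLE_LDAPS = SAMPLE_CLEARTEXT.replace(
    "ldap://dc01.example.local:389", "ldaps://dc01.example.local:636")


def parse_properties(text):
    """Minimal .properties parser: key=value or key:value, '#' and '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":  # first separator ends the key
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props


def cleartext_bind_findings(text):
    """Return one finding per server URL where a simple bind is sent unencrypted."""
    props = parse_properties(text)
    # Assumption: an unset authentication key is treated as a simple bind.
    auth = props.get("java.naming.security.authentication", "simple").lower()
    # JNDI can also wrap an ldap:// URL in TLS via java.naming.security.protocol=ssl.
    tls_forced = props.get("java.naming.security.protocol", "").lower() == "ssl"
    if auth != "simple":
        return []  # only simple binds are checked here
    findings = []
    # The provider URL may hold several space-separated servers; check each one.
    for url in props.get("java.naming.provider.url", "").split():
        parts = urlsplit(url)
        if parts.scheme.lower() == "ldap" and not tls_forced:
            findings.append(f"{parts.hostname}:{parts.port or 389} "
                            "simple bind over ldap:// (cleartext password)")
    return findings


if __name__ == "__main__":
    for finding in cleartext_bind_findings(SAMPLE_CLEARTEXT):
        print(finding)
```

A fallback `ldap://` entry in a multi-server URL is reported even when the primary server already uses `ldaps://`, since a failover would send the bind password in cleartext again.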
