Today on ActiveDir.org ~Eric pointed out an interesting feature in ADAM which allows an ADAM administrator to configure an ADAM instance to reject simple bind attempts on ports without SSL.

To do this, one has to edit the properties of the CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,CN={<GUID>} object and set the RequireSecureSimpleBind attribute value to 1.

This will reject authentication attempts made using simple bind to a non-SSL port on the ADAM instance; however, it will not prevent a user or application from sending credentials in clear text to the server.
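Why the rejection does not protect the password, as an added example (not from the original post or from ADAM itself): a simple bind carries the password in the first message the client sends, so it is on the wire before the server can refuse it. The sketch below builds that message using the RFC 4511 BER layout and parses it the way a monitor on the non-SSL port could, to find clients still sending simple binds; the DN and password are constructed sample values.

```python
# Added example: LDAP BindRequest on the wire (RFC 4511 BER layout).
# DN and password below are constructed sample values.

def tlv(tag, value):
    """BER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def simple_bind_request(msg_id, dn, password):
    """Bytes a client sends for a simple bind (msg_id must be < 128 here)."""
    op = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:                      # long form: low bits = length-of-length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def inspect_bind(payload):
    """Describe a captured BindRequest, or return None for anything else."""
    try:
        tag, msg, _ = read_tlv(payload, 0)        # LDAPMessage SEQUENCE
        _, _, pos = read_tlv(msg, 0)              # messageID
        op_tag, op, _ = read_tlv(msg, pos)        # protocolOp
        if tag != 0x30 or op_tag != 0x60:         # 0x60 = BindRequest
            return None
        _, _, pos = read_tlv(op, 0)               # version
        _, dn, pos = read_tlv(op, pos)            # name (bind DN)
        auth_tag, cred, _ = read_tlv(op, pos)     # authentication choice
    except (IndexError, ValueError):
        return None
    method = {0x80: "simple", 0xA3: "sasl"}.get(auth_tag, "other")
    # An empty simple credential is an anonymous/unauthenticated bind: nothing leaks.
    exposed = method == "simple" and len(cred) > 0
    return {"dn": dn.decode(errors="replace"), "method": method,
            "password_in_clear": exposed}

SAMPLE = simple_bind_request(1, "CN=svc-app,OU=Apps,O=Example", "S4mple-Pass!")
```

The parser deliberately returns only the bind DN and a flag, so a monitor built on it records which clients need fixing without writing their passwords to a log.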

The whole interesting thread about using (or not using) simple bind, ADFS and other things can be found in the ActiveDir.org archives under the “SUBDOMAIN AND LDAP” thread. Unfortunately, the list archive search is not working at this moment (at least I can’t get to it), so I can’t provide you with a direct link right now (I will try to update this later).