Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Policy Setting: “Domain controller: LDAP server signing requirements”.

The mapping between LDAP Signing Policy settings and registry settings is included as follows:

Here is the Microsoft Article on the configuration change

Secure Binds on port 389/3268 will work, and Binds using LDAPS (636/3269) will work. Once the change is implemented for Requiring LDAP Integrity, Simple/Non-Secure Binds will start to fail. Signing can also work on port 389 using STARTTLS. When people talk about signing and encryption, they typically mean using port 636 (LDAPS, or LDAP over TLS). If you are looking at this post, you already knew that. Microsoft has been pushing companies to adopt settings that require signing and Channel binding for LDAP.
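To confirm the behaviour described above after the change, the following script tries each bind type against a domain controller and reports which ones are accepted. It is an added example, not part of the original post; the script parameters, the function name Test-LdapBind and the sample host name are assumptions made for illustration.

```powershell
# Added example: check how a domain controller answers each LDAP bind type.
# $Server and $Credential are placeholders supplied by the operator.
# Use a disposable test account: the plain port 389 simple bind sends its
# password unencrypted.
param(
    [Parameter(Mandatory)] [string]       $Server,     # e.g. dc01.example.test (constructed name)
    [Parameter(Mandatory)] [pscredential] $Credential
)

Add-Type -AssemblyName System.DirectoryServices.Protocols
$ns = 'System.DirectoryServices.Protocols'

function Test-LdapBind {
    param([string]$Name, [int]$Port, [string]$Auth, [bool]$Tls, [bool]$Sign)

    $id   = New-Object "$ns.LdapDirectoryIdentifier" ($Server, $Port)
    $conn = New-Object "$ns.LdapConnection" ($id)
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]$Auth
    $conn.Credential = $Credential.GetNetworkCredential()
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = $Tls      # LDAPS when $true
    if ($Sign) { $conn.SessionOptions.Signing = $true } # request a signed session

    try {
        $conn.Bind()
        $result = 'accepted'
    }
    catch [System.DirectoryServices.Protocols.LdapException] {
        # LDAP result code 8 (strongAuthRequired) is the refusal a server
        # returns when it requires integrity and the bind offers none.
        $result = "rejected (LDAP error $($_.Exception.ErrorCode): $($_.Exception.Message))"
    }
    finally { $conn.Dispose() }

    [pscustomobject]@{ Test = $Name; Port = $Port; Result = $result }
}

# Expected once signing is required: the first test is rejected, the other two are accepted.
@(
    Test-LdapBind 'Simple bind, no TLS'      389 'Basic'     $false $false
    Test-LdapBind 'Negotiate bind, signed'   389 'Negotiate' $false $true
    Test-LdapBind 'Simple bind over LDAPS'   636 'Basic'     $true  $false
) | Format-Table -AutoSize
```

The LDAPS test also fails if the client does not trust the domain controller's certificate, so a rejection on port 636 should be read together with the error code it reports.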