MicrosoftMicrosoftPlease can you provide a simple table that says what will and won't work. There are 157 comments here already, and comments have been revised, etc.
Here's an example - THIS IS AN EXAMPLE ONLY - I DON'T KNOW [ANYMORE] IF IT'S CORRECT!
| [default] | March 2020 | mid 2020 | |
| simple bind (username + password) authentication to LDAP (port 389) | works? | works, but warns | doesn't work |
| SASL (Kerberos, etc) authentication to LDAP (port 389) | works? | works, but warns? | doesn't work? |
| simple bind (username + password) authentication to LDAPS (port 636) | works? | works? | doesn't work? |
| SASL (Kerberos, etc) authentication to LDAPS (port 636) | works? | works? | works? |
It may need another table too, showing the combinations of registry key and their effect;
DEFAULT LdapEnforceChannelBinding=0 (disabled) LDAPServerIntegrity=0 | mid 2020 update LdapEnforceChannelBinding=3 (required) LDAPServerIntegrity=3 (required) | |||||||
| simple bind (username + password) authentication to LDAP (port 389) | works? | fails? | ||||||
| SASL (Kerberos, etc) authentication to LDAP (port 389) | works? | fails? | ||||||
| simple bind (username + password) authentication to LDAPS (port 636) | works? | fails? | ||||||
| SASL (Kerberos, etc) authentication to LDAPS (port 636) | works? | works? |
[the middle columns would show the possible combinations of...
LdapEnforceChannelBinding
LDAPServerIntegrity
...and which authentication method and connection combination works.
It won't be simple, but hopefully should cut through the confusion.
