Blog Post

Core Infrastructure and Security Blog
10 MIN READ

LDAP Channel Binding and LDAP Signing Requirements - March 2020 update final release

AlanLaPietra's avatar
AlanLaPietra
Icon for Microsoft rankMicrosoft
Nov 04, 2019
Hi All, Alan here again, this time trying to give some details on these two settings that are creating quite some confusion.   ATTENTION: before you continue reading I must emphasize that the MAR...
Updated Oct 06, 2023
Version 62.0
alanlapietra
AlanLaPietra's avatar
AlanLaPietra
Icon for Microsoft rankMicrosoft
Mar 11, 2020

ERAY17BG 

March update will make NO changes

* Do I have problems between DC and Clients if I don't apply the article? NO, but your are vulnerable

* First, on which system should I apply this update? ALL SYSTEMS should be updated. This is a monthly update. Regarding these specific settings, changes are made only on DC policy. For 2008 and 7 you need ESU license, see ADV190023 below

* LDAP Channel Binding and LDAP Signing Requirements

* What steps should I do to configure LDAP Channel Binding and LDAP Signing Requirements. Are the procedures in the article sufficient? YES

* AD domain name: I have to use "Active Directory Certificate Services" because it is domain.local, right? What do you mean? You need a certificate if you want to configure LDAPS, and this is preferable/easier to be from your Enterprise CA installed in you domain

 

https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

 

 

Alan @ PFE