ldaps vs. Require LDAP Signing on domain

%3CLINGO-SUB%20id%3D%22lingo-sub-2835077%22%20slang%3D%22en-US%22%3Eldaps%20vs.%20Require%20LDAP%20Signing%20on%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2835077%22%20slang%3D%22en-US%22%3E%3CP%3EHello%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20trying%20to%20understand%20the%20preferred%20method%3F%26nbsp%3B%20Currently%20i%20have%20a%20number%20of%20client%5Capplications%20that%20are%20making%20ldap%20binds%20to%20DC's%20over%20non%20secure%20port.%20From%20reading%20on%20how%20to%20remediate%20this%20it%20sounds%20like%20i%20have%20two%20options%20.%20%231%20configure%20GPO%20on%20all%20DC's%20for%20%22Require%20LDAP%20Signing%20on%20domain%22%20or%20%232%20install%20a%20cert%20on%20every%20DC%2C%20then%20configure%20client%5Capps%20to%20connect%20over%20port%20636%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETrying%20to%20understand%20the%20best%20option%20%3F%3C%2FP%3E%3CP%3EThank%20you%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2835077%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emanagement%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Frequent Contributor

Hello

 

I'm trying to understand the preferred method?  Currently i have a number of client\applications that are making ldap binds to DC's over non secure port. From reading on how to remediate this it sounds like i have two options . #1 configure GPO on all DC's for "Require LDAP Signing on domain" or #2 install a cert on every DC, then configure client\apps to connect over port 636

 

Trying to understand the best option ?

Thank you 

1 Reply