2020 LDAP Channel Binding & LDAP Signing recommendations from Microsoft

You may have read Microsoft’s recent advice to enable LDAP Channel Binding and LDAP signing. This is detailed in the Microsoft article below:

https://support.microsoft.com/en-gb/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

To support this configuration, our recommendation is to ensure that LDAPS (LDAP over SSL) is enabled on the domain controllers that Foldr uses for authentication. This is typically enabled by installing the Domain Certificate Services role on a domain controller (selecting Enterprise CA during setup); however, there are other methods to enable the feature.

When LDAPS is enabled on a domain controller, Foldr must be reconfigured to connect to LDAP servers using the prefix ‘ldaps://’ so that connections are made over SSL on port 636 rather than the default LDAP port of 389.
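The following pre-flight check is an added example, not code from Foldr or Microsoft. It rewrites existing server entries to the `ldaps://` form and confirms that each domain controller completes a TLS handshake on port 636 with a certificate that validates. The host names are constructed, and the `cafile` parameter (a PEM export of the issuing CA certificate) is an assumption.

```python
import socket
import ssl
from urllib.parse import urlsplit


def to_ldaps(uri):
    """Rewrite an LDAP server entry to ldaps:// (port 636 by default).

    A non-default port is kept only when the entry is already ldaps://.
    """
    parts = urlsplit(uri if "://" in uri else "ldap://" + uri)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"not an LDAP server entry: {uri!r}")
    port = parts.port if parts.scheme == "ldaps" and parts.port else 636
    return f"ldaps://{parts.hostname}:{port}"


def check_ldaps(uri, cafile=None, timeout=5.0):
    """Attempt a verified TLS handshake with the server; return (ok, detail).

    cafile: PEM file holding the issuing CA certificate (assumed to be
    exported from the enterprise CA). None uses the system trust store.
    """
    parts = urlsplit(to_ldaps(uri))
    # The default context checks both the certificate chain and the host name.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((parts.hostname, parts.port),
                                      timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=parts.hostname) as tls:
                cert = tls.getpeercert()
                return True, f"{tls.version()}, valid until {cert['notAfter']}"
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate rejected: {exc.verify_message}"
    except OSError as exc:  # refused, timed out, DNS failure, TLS failure
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Constructed sample entries; replace with the servers Foldr is using.
    for entry in ["ldap://dc01.example.internal", "dc02.example.internal:389"]:
        ok, detail = check_ldaps(entry)
        print(f"{to_ldaps(entry)}: {'OK' if ok else 'FAILED'} ({detail})")
```

A "certificate rejected" result usually means the issuing CA is not trusted by the machine running the check, or the name in the server entry does not match the certificate.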

As well as authenticating with domain controllers securely, using LDAPS unlocks the password features in Foldr (password change/expiration handling, delegated reset and self-service reset). More information on LDAPS and the password features can be found here:
