VMware Cloud Community
OleWeel
Enthusiast

Log Insight and AD authentication

Hi,

From March 2020, MS will change their default settings in AD when it comes to AD authentication with simple binding and LDAP signing.

As of today, our Log Insight system uses either simple binding or LDAP without signing, I guess, since I get this message if I check the logs:

The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.

Client IP address:

x.x.x.48:52488

Identity the client attempted to authenticate as:

domain\serviceaccount

Binding Type:0

I have checked around and I cannot see that Log Insight supports LDAP with signing, so to me it seems like I have to configure LDAPS (LDAP over SSL / LDAP over TLS).

I don't have much knowledge when it comes to certificates / PKI, but to my understanding I have to install a PKI solution.

This is a .local domain, so we cannot get a certificate from a third party, and it's also a "closed" environment.

So my question is, do I need to implement a complete PKI solution (root CA + issuing CA), or is there some other manual way?

The same thing goes for vCenter it seems.

Any comments? How is your configuration?

/regards

Andreas

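To see which hosts and accounts still have to move to LDAPS or signed binds, the event text quoted in the post can be aggregated per client. This is an added example, not part of the original post or any VMware or Microsoft code; the addresses and account names are constructed, and the binding-type meanings (0 = SASL bind without signing, 1 = simple bind over clear text) are an assumption based on Microsoft's description of this event, not something stated on the page.

```python
import re
from collections import Counter

# Assumption (not from the page): binding type 0 is a SASL bind without
# signing, 1 is a simple bind over a clear-text connection.
BIND_TYPES = {0: "SASL bind without signing", 1: "simple bind over clear text"}

# Field labels exactly as they appear in the event text quoted in the post.
EVENT_RE = re.compile(
    r"Client IP address:\s*(?P<client>\S+)\s+"
    r"Identity the client attempted to authenticate as:\s*(?P<identity>[^\r\n]+?)\s+"
    r"Binding Type:\s*(?P<bind>\d+)"
)

def strip_port(endpoint):
    """Drop the ephemeral source port so repeated binds from one host aggregate."""
    if endpoint.startswith("[") and "]" in endpoint:   # [2001:db8::5]:50111
        return endpoint[1:endpoint.index("]")]
    host, sep, port = endpoint.rpartition(":")
    # Only treat the suffix as a port for dotted IPv4; bare IPv6 is left alone.
    return host if sep and port.isdigit() and "." in host else endpoint

def insecure_bind_inventory(text):
    """Count insecure binds per (client host, identity, bind type)."""
    counts = Counter()
    for m in EVENT_RE.finditer(text):
        bind = BIND_TYPES.get(int(m["bind"]), "unknown type " + m["bind"])
        # Account names are case-insensitive in AD, so normalise before counting.
        counts[(strip_port(m["client"]), m["identity"].lower(), bind)] += 1
    return counts

# Constructed sample events in the layout shown in the post (hypothetical
# documentation-range addresses and service account names).
TEMPLATE = ("Client IP address:\n\n{}\n\nIdentity the client attempted to "
            "authenticate as:\n\n{}\n\nBinding Type:{}\n")
SAMPLE = "".join(TEMPLATE.format(*e) for e in [
    ("192.0.2.48:52488", r"EXAMPLE\svc-loginsight", 0),
    ("192.0.2.48:52991", r"example\svc-loginsight", 0),
    ("192.0.2.60:49812", r"EXAMPLE\svc-vcenter", 1),
    ("[2001:db8::5]:50111", r"EXAMPLE\svc-backup", 1),
])

if __name__ == "__main__":
    for (host, identity, bind), n in insecure_bind_inventory(SAMPLE).most_common():
        print(f"{n:3d}  {host:15}  {identity:25}  {bind}")
```

Running it over an export of the directory service log gives a worklist of clients to reconfigure, ordered by how often each one binds insecurely.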