Hello all,
I am working on a few client infrastructures to get them prepped for the upcoming LDAP patch/fix in March.
Yes, I know, they should have been set up for LDAPS from the beginning but most are not as you can imagine.
I am looking at VCSA 6.7 for a client and they have the SSO set for AD Integrated Auth.
For some reason, the DC thinks that the vCenter appliance is requesting simple LDAP binds in the event logs.
I read up on both options and it seems that they are different measures for the SSO identity source, but does the integrated auth still utilize LDAP binds?
Thanks for any input.
Hi,
"I read up on both options and it seems that they are different measures for SSO identity source but does the integrated auth still utilize LDAP binds?" YES!
Windows Updates in March 2020 add new audit events, additional logging, and a remapping of Group Policy values that will enable hardening LDAP Channel Binding and LDAP Signing. The March 2020 updates do not make changes to LDAP signing or channel binding policies or their registry equivalent on new or existing domain controllers.
A further future monthly update, anticipated for release the second half of calendar year 2020, will enable LDAP signing and channel binding on domain controllers configured with default values for those settings.
ARomeo
Ok thank you.
I will just leave it alone with the IWA.
I see the discussion about SASL settings being set but I guess that is not needed.
Thank you
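
Added example, not part of the thread above: one way to see which bind type a domain controller is actually recording for a client such as the vCenter appliance is to summarize Directory Service event 2889 by client address and binding type. The event ID, the diagnostics registry value in the comment, and the function name Get-InsecureLdapBind are not mentioned in the thread; the function name is hypothetical, and the script assumes LDAP interface diagnostics logging is already enabled on the DC.

```powershell
# Added example: summarize event 2889 (LDAP binds made without signing or TLS)
# on one domain controller. Event 2889 is only written when LDAP interface
# diagnostics are raised on that DC, e.g.:
#   HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
#   "16 LDAP Interface Events" = 2 (REG_DWORD)
function Get-InsecureLdapBind {
    param(
        [string]$DomainController = $env:COMPUTERNAME,  # DC to query
        [int]$Hours = 24                                # look-back window
    )

    $filter = @{
        LogName   = 'Directory Service'
        Id        = 2889
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # SilentlyContinue: Get-WinEvent raises an error when no events match
    $events = Get-WinEvent -ComputerName $DomainController `
        -FilterHashtable $filter -ErrorAction SilentlyContinue

    $rows = foreach ($evt in $events) {
        # Property order: [0] client "IP:port", [1] identity, [2] binding type
        $client = [string]$evt.Properties[0].Value
        $type   = [int]$evt.Properties[2].Value
        [pscustomobject]@{
            # LastIndexOf keeps IPv6 addresses intact when stripping the port
            ClientIP = $client.Substring(0, $client.LastIndexOf(':'))
            Identity = [string]$evt.Properties[1].Value
            BindType = switch ($type) {
                0       { 'Unsigned SASL' }  # Negotiate/Kerberos/NTLM bind without signing
                1       { 'Simple' }         # simple bind on a connection without TLS
                default { "Unknown ($type)" }
            }
        }
    }

    # One row per client / identity / bind type, busiest first
    $rows | Group-Object ClientIP, Identity, BindType |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-InsecureLdapBind -Hours 24 | Format-Table -AutoSize
```

Filter the output on the appliance's IP address to check whether its entries are simple binds or unsigned SASL binds before changing the signing policy on the domain controllers.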