Active IQ Unified Manager Discussions
I've a customer with a security concern. He wants to know if UM6 utilizes a secure and encrypted method to authenticate with AD. In his environment only encrypted LDAP authentication is enabled.
I guess the base question is, if UM6 uses
- simple BIND (which is unsecure and exposes the user's credentials)
- Kerberos (which is the preferred way for AD communications anyway)
If simple BIND is used, is or can SSL/TLS be used to encrypt the authentication session?
If not - what are the options? Local users?
New Info from customer:
If he uses the standard port # 389, authentication works but is insecure.
If he enters the secure port # 636 he gets "Unknown authentication server error"
I assume UM6 does not switch to secure communication automatically, if the secure port is used?
Edited by "niels" on "2013-08-26"
Added additional info from customer.
I also have a customer in DoD that will be asking about this and possibly requiring it to be able to deploy UM6.
I can't answer all of your questions but I can confirm that UM 6.0 does not support secure LDAP.
Which customer is this? As Kevin mentioned above, LDAPS is not supported in UM 6.0 and not planned for 6.1.
Can you share what UM release LDAP over SSL is planned for?
This is for HP Enterprise Services, who won the NGEN contract.