Active IQ Unified Manager Discussions

OnCommand Insight 7.3.4 build 7, service pack 9

sstrznwra
1,629 Views

Hi all,

 

is  LDAP Channel binding and LDAP signing supported on OCI Server 7.3.4 build 7, service pack 9 ??

Does anyone have experience with it ?

 

Thx

Michael

 

1 ACCEPTED SOLUTION

ostiguy
1,529 Views

Hey Michael,

 

I am not sure if we have explicitly looked at channel binding on its own. As such, I suspect

 

https://support.microsoft.com/en-us/topic/use-the-ldapenforcechannelbinding-registry-entry-to-make-ldap-authentication-over-ssl-tls-more-secure-e9ecfa...

 

If one were to set this

 

DWORD value: 2 indicates enabled, always

 

You would see failures. If that is set to 1, which means that the AD LDAP instance optionally supports channel bind, I *suspect* OCI would be fine, so long as your OCI LDAP configuration is set to use LDAPS (aka LDAP across TLS/SSL), and not just LDAP. A value of 0 should be compatible with both OCI LDAPS and LDAP configurations

 

 

Matt

 

 

 

View solution in original post

1 REPLY 1

ostiguy
1,530 Views

Hey Michael,

 

I am not sure if we have explicitly looked at channel binding on its own. As such, I suspect

 

https://support.microsoft.com/en-us/topic/use-the-ldapenforcechannelbinding-registry-entry-to-make-ldap-authentication-over-ssl-tls-more-secure-e9ecfa...

 

If one were to set this

 

DWORD value: 2 indicates enabled, always

 

You would see failures. If that is set to 1, which means that the AD LDAP instance optionally supports channel bind, I *suspect* OCI would be fine, so long as your OCI LDAP configuration is set to use LDAPS (aka LDAP across TLS/SSL), and not just LDAP. A value of 0 should be compatible with both OCI LDAPS and LDAP configurations

 

 

Matt

 

 

 

Public