ONTAP Discussions

BUG - LdapEnforceChannelBinding

DONBARTON1

We are being directed by our Organization to implement LdapEnforceChannelBinding, specifically, Channel Binding Token (CBT) set to 2 as a registry key.

 

I've opened a case and was told that this is not supported as mentioned in the KB/BURT.  There is a roadmap to maybe be supported in 9.10? 

 

My question is, is anyone else dealing with this, and what did you do to resolve it?  Or, are we unique? 🙂

 

Note: Our current plan is to switch to a Windows File server and present storage from ONTAP.

 

Any input would be greatly appreciated. Thanks!

 

KB

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Microsoft_Security_Advisory%3A_ADV190023_impact_on_NetApp_appliance_ru...

 

BURT

https://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=1136213

 

MS Adv

https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV190023

 

 


paul_stejskal

If you have a case open, ask if they can backport it if you really need it. Talk to your account team to help prioritize it too.

DONBARTON1

Thank you for the reply.  I was wondering if there was anyone out there in the same boat and what their course of action was.  I found another thread with the same message I was told in my case. 

 

"Our Engineering Team is working closely with Microsoft and has provided an update last week that the fix for RFE 1136213: Implement channel binding tokens for LDAP with StartTLS is tentatively scheduled for ONTAP 9.10. As paul_stejskal mentioned, please work with your Account Team if you need this fixed earlier."

 

https://community.netapp.com/t5/ONTAP-Discussions/LDAP-connection-failures-when-channel-binding-is-enforced-by-the-Windows-LDAP/td-p/161187
