ONTAP Discussions

BUG - LdapEnforceChannelBinding

DONBARTON1

We are being directed by our Organization to implement LdapEnforceChannelBinding, specifically, Channel Binding Token (CBT) to 2 as a registry key.

 

I've opened a case and was told that this is not supported as mentioned in the KB/BURT.  There is a roadmap to maybe be supported in 9.10? 

 

My question is, is anyone else dealing with this, and what did you do to resolve it?  Or, are we unique? 🙂

 

Note: Our current plan is to switch to a Windows File server and present storage from OnTap.

 

Any inputs would be greatly appreciated.  Thanks!

 

KB

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Microsoft_Security_Advisory%3A_ADV190023_impact_on_NetApp_appliance_ru...

 

BURT

https://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=1136213

 

MS Adv

https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV190023

 

 

2 REPLIES

Re: BUG - LdapEnforceChannelBinding

paul_stejskal

If you have a case open, ask if they can backport it if you really need it. Talk to your account team to help prioritize it too.

Re: BUG - LdapEnforceChannelBinding

DONBARTON1

Thank you for the reply.  I was wondering if there was anyone out there in the same boat and what their course of action was.  I found another thread with the same message I was told in my case. 

 

"Our Engineering Team is working closely with Microsoft and has provided an update last week that the fix for RFE 1136213: Implement channel binding tokens for LDAP with StartTLS is tentatively scheduled for ONTAP 9.10. As paul_stejskal mentioned, please work with your Account Team if you need this fixed earlier."

 

https://community.netapp.com/t5/ONTAP-Discussions/LDAP-connection-failures-when-channel-binding-is-enforced-by-the-Windows-LDAP/td-p/161187
