LDAP connection failures when channel binding is enforced by the Windows LDAP server
2020-11-16
02:43 AM
Change 1: Use the LdapEnforceChannelBinding registry entry to make LDAP authentication over SSL/TLS more secure
- This option affects LDAP over TLS or LDAPS connections. The proposed Windows update for this setting should have no impact on ONTAP authentication.
- More information on LDAP over TLS concepts and Does ONTAP support port 636 for LDAPS (LDAP over SSL)
- Currently ONTAP does not support LDAP Channel Binding; this feature is being tracked here:
Is there any progress on BUG 1136213?
ONTAP 9
1 ACCEPTED SOLUTION
Mjizzini has accepted the solution
Hi Pal,
Our Engineering Team is working closely with Microsoft and has provided an update last week that the fix for RFE 1136213: Implement channel binding tokens for LDAP with StartTLS is tentatively scheduled for ONTAP 9.10. As paul_stejskal mentioned, please work with your Account Team if you need this fixed earlier.
Regards,
Team NetApp
3 REPLIES 3
Well, per the bug if you really want to turn that feature on instead of setting to 2:
Set "LdapEnforceChannelBinding" on the LDAP server to "1" which indicates "Enabled, when supported".
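An added example, not part of the thread or of NetApp's documentation: a PowerShell check, run elevated on a domain controller, that reports the current `LdapEnforceChannelBinding` value and lists recent channel binding validation failures so affected LDAP clients can be identified before the value is raised to 2. The registry path and event ID 3039 come from Microsoft's channel binding guidance, not from this thread, and the seven-day window is an arbitrary choice.

```powershell
# Added example: audit LDAP channel binding enforcement on a domain controller.
# Registry path and event ID are taken from Microsoft's guidance, not from this thread.
$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$name = 'LdapEnforceChannelBinding'

# Meaning of each value of the registry entry.
$meaning = @{
    0 = 'Never: channel binding tokens are not validated'
    1 = 'When supported: validated only for clients that send a token'
    2 = 'Always: clients that cannot send a token are rejected'
}

$prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Output "$name is not set; the domain controller uses its OS default."
} else {
    $value = [int]$prop.$name
    Write-Output "$name = $value ($($meaning[$value]))"
}

# Event 3039 in the Directory Service log records a client that failed channel
# binding token validation. It is only written when the value is 1 or 2 and
# LDAP Interface Events diagnostic logging is raised to level 2.
$filter = @{
    LogName   = 'Directory Service'
    Id        = 3039
    StartTime = (Get-Date).AddDays(-7)   # constructed window: last 7 days
}
$failures = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if ($failures) {
    # The message text names the client address and the identity it tried to bind as.
    $failures | Select-Object TimeCreated, Message | Format-List
} else {
    Write-Output 'No event 3039 entries found in the last 7 days.'
}

# Preview the change to "Enabled, when supported"; remove -WhatIf to apply it.
Set-ItemProperty -Path $path -Name $name -Value 1 -Type DWord -WhatIf
```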
If you need this fixed, I would recommend talking to your account team. They can help prioritize this if needed if this is going to break things for you.
