Skip to main content
NetApp Knowledge Base

Does Microsoft Security Advisory ADV190023 "LDAP Channel Binding and LDAP Signing" impact SnapCenter?

Views:
788
Visibility:
Public
Votes:
2
Category:
snapcenter
Specialty:
snapx
Last Updated:

Applies to

  • SnapCenter Server

Answer

As per Microsoft Security Advisory ADV190023, Microsoft recommends hardening the configuration for LDAP Channel Binding and LDAP Signing on Active Directory Domain Controller.

ADV190023 suggests following changes:

  • Change 1: Use the LdapEnforceChannelBinding registry entry to make LDAP authentication over SSL/TLS more secure.
  • Change 2: Enable LDAP signing in Windows Server.

Microsoft security advisory ADV190023 does not affect SnapCenter:

  • SnapCenter does not support LDAPS.
    • Request For Enhancement 1281004 is submitted for supporting LDAPS.

Note: Adding/modifying LdapEnforceChannelBinding  will have no effect on SnapCenter
          LDAP channel binding applies only to communication made over SSL/TLS.

  • SnapCenter supports LDAP signing and does not do simple authentication or use unsigned SASL (Negotiate, Kerberos, NTLM or Digest) LDAP binds over non-SSL/TLS.

Note: No configuration is required on SnapCenter side for LDAP signing.

Additional Information

additionalInformation_text

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.