- ONTAP 9 CIFS/NFS
- Data ONTAP 8 CIFS/NFS
Beginning in ONTAP 9, you can configure signing and sealing to enable LDAP session security on queries to an Active Directory (AD) server. You must configure the CIFS server security settings on the storage virtual machine (SVM) to correspond to those on the LDAP server.
Signing confirms the integrity of the LDAP payload data using secret key technology. Sealing encrypts the LDAP payload data to avoid transmitting sensitive information in clear text. An LDAP Security Level option indicates whether the LDAP traffic needs to be signed, signed and sealed, or neither. The default is none.
Microsoft will be providing a patch for Windows Security Advisory ADV190023 (patch expected in March 2020). This will change the default for LDAP to use signing.
For more information on Windows Security Advisory ADV190023, see:
Microsoft Security Advisory: ADV190023 impact on NetApp appliance running CIFS\NFS utilizing Microsoft Active Directory LDAP servers
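To find SVMs whose LDAP Security Level would no longer correspond to an AD server that requires signing, the following added example (not NetApp code) parses the output of `vserver cifs security show -fields session-security-for-ad-ldap` and lists the SVMs that need changing. The SVM names and the sample output are constructed, and the column layout is assumed to match what the cluster shell prints.

```python
# Added example: audit ONTAP SVMs for LDAP session security toward AD.
# Input is the text printed by this cluster-shell command:
#   vserver cifs security show -fields session-security-for-ad-ldap
# SAMPLE is constructed for illustration; the SVM names are hypothetical.

SAMPLE = """\
vserver  session-security-for-ad-ldap
-------- ----------------------------
svm_eng  none
svm_fin  sign
svm_hr   seal
3 entries were displayed.
"""

# level -> (payload is signed, payload is sealed); "seal" means signed and sealed
LEVELS = {"none": (False, False), "sign": (True, False), "seal": (True, True)}


def parse_levels(text):
    """Return {svm: level}, skipping the header, separator and footer lines."""
    result = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1] in LEVELS:
            result[parts[0]] = parts[1]
    return result


def audit(text, required="sign"):
    """List (svm, level, fix) for SVMs that do not meet the required level."""
    need_sign, need_seal = LEVELS[required]
    findings = []
    for svm, level in sorted(parse_levels(text).items()):
        signed, sealed = LEVELS[level]
        if (need_sign and not signed) or (need_seal and not sealed):
            fix = ("vserver cifs security modify -vserver %s "
                   "-session-security-for-ad-ldap %s" % (svm, required))
            findings.append((svm, level, fix))
    return findings


if __name__ == "__main__":
    for svm, level, fix in audit(SAMPLE):
        print("%s: level '%s' does not provide signing" % (svm, level))
        print("  fix: %s" % fix)
```

Pass `required="seal"` when the LDAP payload must also be encrypted.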