Does Microsoft Security Advisory ADV190023 "LDAP Channel Binding and LDAP Signing" impact SnapCenter?
Applies to
- SnapCenter Server
Answer
As per Microsoft Security Advisory ADV190023, Microsoft recommends hardening the configuration for LDAP Channel Binding and LDAP Signing on Active Directory Domain Controller.
ADV190023 suggests following changes:
- Change 1: Use the
LdapEnforceChannelBinding
registry entry to make LDAP authentication over SSL/TLS more secure. - Change 2: Enable LDAP signing in Windows Server.
Microsoft security advisory ADV190023 does not affect SnapCenter:
- SnapCenter does not support LDAPS.
- Request For Enhancement 1281004 is submitted for supporting LDAPS.
Note: Adding/modifying LdapEnforceChannelBinding
will have no effect on SnapCenter
LDAP channel binding applies only to communication made over SSL/TLS.
- SnapCenter supports LDAP signing and does not do simple authentication or use unsigned SASL (Negotiate, Kerberos, NTLM or Digest) LDAP binds over non-SSL/TLS.
Note: No configuration is required on SnapCenter side for LDAP signing.
Additional Information
additionalInformation_text