Microsoft LDAP Channel Binding and LDAP signing update for Windows Active Directory

    Applies to:
      • SecureAuth Identity Platform
      • Legacy SecureAuth IdP
    Deployment model:
      • Hybrid
      • On Premises
    Version Affected: all


    The Microsoft channel binding and LDAP signing update for Active Directory will disable basic authentication requests sent to Domain Controllers.



    Due to a security issue, Microsoft has decided to disable all basic (clear text) authentication access to Active Directory.



    Once this mandatory patch is applied to Active Directory servers, the SecureAuth Standard authentication method will no longer work when attempting to connect to Active Directory through the IdP.

    To resolve the issue, use the Secure or SSL modes to access Active Directory servers.
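
    Before changing the mode, it helps to confirm what the domain controller currently enforces and whether the IdP is still sending clear-text binds. The PowerShell below is an added example, not SecureAuth or Microsoft code. It assumes an elevated session on a domain controller and that Directory Service event 2889 logging is enabled ("16 LDAP Interface Events" set to 2 or higher).

```powershell
# Added example: audit LDAP signing / channel binding state and recent insecure binds.
# Assumptions: elevated session on a domain controller; event 2889 logging is
# enabled ('16 LDAP Interface Events' diagnostic level 2 or higher).
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$diag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the value is not set, instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Current enforcement settings on this domain controller.
[pscustomobject]@{
    LDAPServerIntegrity       = Get-RegValue $ntds 'LDAPServerIntegrity'        # 2 = signing required
    LdapEnforceChannelBinding = Get-RegValue $ntds 'LdapEnforceChannelBinding'  # 0 never, 1 when supported, 2 always
    LdapInterfaceEventsLevel  = Get-RegValue $diag '16 LDAP Interface Events'   # 2+ needed for event 2889
} | Format-List

# Event 2889 is written once per bind that was an unsigned SASL bind or a
# simple bind over a clear-text connection. Summarise the last 24 hours by
# client address, identity and bind type.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Directory Service'
    Id        = 2889
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            # Property 0 is "address:port"; drop the port so binds group per host.
            ClientIP = ([string]$_.Properties[0].Value) -replace ':\d+$', ''
            Identity = $_.Properties[1].Value
            # Property 2: 0 = SASL bind without signing, 1 = simple bind in clear text.
            BindType = if ([string]$_.Properties[2].Value -eq '1') { 'Simple (clear text)' }
                       else { 'SASL, unsigned' }
        }
    } |
    Group-Object ClientIP, Identity, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

    If the IdP appliance address appears in the summary with a bind type of "Simple (clear text)", that realm is still using the Standard mode and needs to be switched to Secure or SSL.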


    Special Considerations:  

    For additional information please see the following Microsoft articles:

    2020 LDAP channel binding and LDAP signing requirement for Windows


    ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing


    Use the LdapEnforceChannelBinding registry entry to make LDAP authentication over SSL/TLS more secure



    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
