Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-26740: Does the ADV190023 Security Advisory from Microsoft - "LDAP Channel Binding and LDAP Signing requirements for Windows" affect Centrify?

Authentication Service ,   Privilege Elevation Service ,  

5 February,20 at 03:43 PM

Question:

Does the Microsoft Security Advisory ADV190023 about enforcing LDAP Channel Binding and LDAP Signing for Windows affect Centrify?


Answer:

No, those requirements for LDAP Channel Binding and LDAP Signing from Microsoft will not affect Centrify.
 
1. LDAP channel binding (TLS/SSL) does not apply to adclient, it is using LDAP port (389), not LDAPS (636).  Adclient LDAP connection to a Domain Controller is by GSSAPI (Kerberos).  Traffic encryption is also by GSSAPI Privacy (This can be seen in a Network trace).

2. Adclient LDAP binding has always supported LDAP signing.


Additional Information: (3rd party links are provided as a courtesy and Centrify is not responsible for the availability or content in those links)

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023
https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

See also:
KB-11609: Does Centrify DirectControl support Secure LDAP?

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.