Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-26740: Does the ADV190023 Security Advisory from Microsoft - "LDAP Channel Binding and LDAP Signing requirements for Windows" affect Centrify?

Authentication Service ,   Privilege Elevation Service ,  

5 February,20 at 03:43 PM


Does the Microsoft Security Advisory ADV190023 about enforcing LDAP Channel Binding and LDAP Signing for Windows affect Centrify?


No, those requirements for LDAP Channel Binding and LDAP Signing from Microsoft will not affect Centrify.
1. LDAP channel binding (TLS/SSL) does not apply to adclient, it is using LDAP port (389), not LDAPS (636).  Adclient LDAP connection to a Domain Controller is by GSSAPI (Kerberos).  Traffic encryption is also by GSSAPI Privacy (This can be seen in a Network trace).

2. Adclient LDAP binding has always supported LDAP signing.

Additional Information: (3rd party links are provided as a courtesy and Centrify is not responsible for the availability or content in those links)

See also:
KB-11609: Does Centrify DirectControl support Secure LDAP?