LDAP with Unencrypted setting is not working when LDAP Signing is activated on Windows Domain Controller

 

Information

 

Summary:

LDAP with the Unencrypted setting does not work when the LDAP Signing Group Policy is activated on the Windows Domain Controller.

Environment:

Product: Loadmaster

Version: Any

Platform: Any

Application: Windows

Question/Problem Description:

LDAP with the Unencrypted setting does not work when the LDAP Signing Group Policy is set to activated on the Windows Domain Controller.

Steps to Reproduce:  
Error Message: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection
Defect Number:  
Enhancement Number:  
Cause: To improve the security of the directory server, the server has been configured to reject Simple Authentication and Security Layer (SASL) LDAP binds that do not request signing (integrity verification), or to reject LDAP simple binds that are performed on a clear text (non-SSL/TLS-encrypted) connection.
Resolution:

When the LDAP protocol is set to Unencrypted, Loadmaster sends a Simple Bind request, and the Domain Controller or RS endpoint rejects it with the message "The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection."

Set the LDAP protocol to LDAPS. LDAPS uses signing with SSL on port 636 and sends the data encrypted rather than in clear text.
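The rejected exchange described above can be confirmed from a packet capture of the unencrypted connection. The following is an added example, not Kemp or Microsoft code: it decodes LDAP bind messages (RFC 4511 BER encoding) and flags a simple bind and the server's rejection. The DN, password, sample bytes and the use of result code 8 (strongerAuthRequired) are assumptions; the page gives only the message text.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_bind(pdu):
    """Summarise a BindRequest (0x60) or BindResponse (0x61) LDAPMessage."""
    tag, body, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    (_, msg_id), (op_tag, op) = children(body)[:2]
    fields, info = children(op), {"message_id": int.from_bytes(msg_id, "big")}
    if op_tag == 0x60:                      # version, name, authentication
        auth_tag, _ = fields[2]
        info["dn"] = fields[1][1].decode()
        info["auth"] = "simple" if auth_tag == 0x80 else "sasl"
        # simple [0] carries the raw password: readable on the wire without TLS
        info["password_in_clear"] = auth_tag == 0x80
    elif op_tag == 0x61:                    # resultCode, matchedDN, diagnosticMessage
        info["result_code"] = int.from_bytes(fields[0][1], "big")
        info["diagnostic"] = fields[2][1].decode()
        # 8 = strongerAuthRequired (assumed code for the rejection in this sample)
        info["needs_signing_or_tls"] = info["result_code"] == 8
    else:
        raise ValueError("not a bind operation")
    return info

def tlv(tag, value):
    """Encode a short-form BER element (samples below are all under 128 bytes)."""
    return bytes([tag, len(value)]) + value

# Constructed samples: DN and password are made up; DIAG is the page's error text.
REQUEST = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
              + tlv(0x04, b"cn=svc-lm,dc=example,dc=test") + tlv(0x80, b"S3cret!")))
DIAG = rb"The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection"
RESPONSE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x61, tlv(0x0A, b"\x08") + tlv(0x04, b"") + tlv(0x04, DIAG)))
```

Calling `inspect_bind(REQUEST)` and `inspect_bind(RESPONSE)` shows the simple bind with its password in clear text and the matching rejection; after switching to LDAPS on port 636 neither message is readable in a capture.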

Workaround:  
Notes: How to enable LDAP signing in Windows Server
How to Configure an LDAP Endpoint
