返回
-
标题
Does Authentication Services support LDAP signing? -
说明
If LDAP signing on Domain Controllers is required will Authentication Services continue to work?
If the Group Policy setting "Domain controller: LDAP server signing requirements" is set to "Require signature" will Authentication Services continue to work? -
解决办法
Authentication Services supports signing with the default vas.conf settings. Authentication Services will continue to function without issue with LDAP signing enforced.
The ldap-gsssasl-security-layers vas.conf setting should be left at the default setting of 0.
For reference:
From the vas.conf man page:
ldap-gsssasl-security-layers = <security level>
Default value: 0
By default, when communicating with Active Directory, the QAS API automatically encrypts LDAP traffic for data integrity and privacy. This option allows the SASL security layer to be set to a specific level. With the default value of 0, all traffic will be secured using the highest security that is supported by the LDAP server. If non-zero, the value interpreted as a bit mask as described by RFC 4752: 1 = No security layer, 2 = Integrity protection, 4 = Privacy protection.