Microsoft enabled LDAP channel binding and LDAP signing for Active Directory on Windows Server in March this year. Nutanix recommends changing Prism authentication from LDAP on port 389 to LDAPS on port 636 or the SSL-encrypted port 3269.
Two things to note about the process:
- Changing just the port number is not enough, because the protocol also needs to change from LDAP to LDAPS.
- Prism self-signed certificates work with LDAPS, so there is no extra hassle.
The process is straightforward and only requires a change to the URL syntax in Prism settings.
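The first note above is easy to get wrong when editing by hand, so here is an added example (not Nutanix code and not taken from KB-9029) that checks a directory URL for a scheme/port mismatch and suggests the LDAPS form. It assumes the directory URL has the form `ldap://host:port`; the host names are constructed, and port 3268 is included only as the plaintext counterpart of 3269.

```python
from urllib.parse import urlsplit

# Plaintext port -> TLS port. 389, 636 and 3269 are the ports named in the post;
# 3268 (plaintext Global Catalog) is added here as the counterpart of 3269.
TLS_PORT_FOR = {389: 636, 3268: 3269}
TLS_PORTS = set(TLS_PORT_FOR.values())
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def check_directory_url(url):
    """Return (status, suggested_url) for one directory URL.

    status: "ok", "plaintext", "port-only" (port changed, scheme still ldap),
    "scheme-only" (scheme changed, port still plaintext), "unknown-port",
    or "invalid".
    """
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a non-numeric/out-of-range port
    except ValueError:
        return "invalid", None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORT or not parts.hostname:
        return "invalid", None
    port = port or DEFAULT_PORT[scheme]
    if port not in TLS_PORTS and port not in TLS_PORT_FOR:
        return "unknown-port", None  # custom port: cannot tell which listener it is

    # Re-add brackets for IPv6 literals, which urlsplit strips from .hostname.
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    suggested = f"ldaps://{host}:{TLS_PORT_FOR.get(port, port)}"
    if scheme == "ldaps":
        return ("ok" if port in TLS_PORTS else "scheme-only"), suggested
    return ("port-only" if port in TLS_PORTS else "plaintext"), suggested


if __name__ == "__main__":
    # Constructed sample values, not taken from any real environment.
    for sample in (
        "ldap://dc01.example.test:389",
        "ldap://dc01.example.test:636",
        "ldaps://dc01.example.test:389",
        "ldaps://gc01.example.test:3269",
    ):
        print(sample, "->", *check_directory_url(sample))
```

A `port-only` result is the case the note warns about: the port points at the TLS listener but the client still speaks plain LDAP to it.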
For instructions and verification steps see:
KB-9029 Changing LDAP port 389 authentication to Secure LDAP (LDAPS) ports 636 or 3269.
For more information about the Microsoft change:
2020 LDAP channel binding and LDAP signing requirements for Windows.