Secure your LDAP today

  • 14 July 2020

Microsoft enabled LDAP channel binding and LDAP signing in Active Directory on Windows Server in March this year. Nutanix recommends changing Prism authentication from LDAP on port 389 to LDAPS on port 636 or on the SSL-encrypted port 3269.

Two things to note with the process are:

  • Changing just the port number is not enough, because the protocol in the URL also needs to change from LDAP to LDAPS.
  • Prism self-signed certificates work with LDAPS, so there is no extra hassle.

The process is straightforward and only requires a change to the URL syntax in Prism settings.

 

For instructions and verification steps see:
KB-9029 Changing LDAP port 389 authentication to Secure LDAP (LDAPS) ports 636 or 3269.

 

More on LDAP:
KB-3363 Prism: Troubleshooting LDAP and AD Issues for Prism Log On

 

For more information about the Microsoft change:
2020 LDAP channel binding and LDAP signing requirements for Windows.
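
The note above that changing only the port number is not enough can be checked mechanically before a change window. The following is an added example, not Nutanix code or part of KB-9029: it assumes directory URLs of the form `scheme://host:port`, and the function names and sample hostnames are constructed for illustration.

```python
from urllib.parse import urlsplit

# Well-known directory ports, split by whether the listener expects TLS.
PLAINTEXT_PORTS = {389, 3268}   # LDAP, Global Catalog
TLS_PORTS = {636, 3269}         # LDAPS, Global Catalog over SSL
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def check_directory_url(url):
    """Classify one directory URL; returns (status, reason).

    Only the URL is inspected. No connection is made, so StartTLS on an
    ldap:// URL is not detected and is reported as not LDAPS.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORT:
        return ("invalid", "scheme must be ldap:// or ldaps://")
    if not parts.hostname:
        return ("invalid", "no host in URL")
    try:
        port = parts.port          # raises ValueError on a bad port
    except ValueError:
        return ("invalid", "port is not a valid number")
    if port is None:
        port = DEFAULT_PORT[scheme]
    if scheme == "ldap" and port in TLS_PORTS:
        return ("mismatch", f"port {port} expects TLS but scheme is still ldap://")
    if scheme == "ldaps" and port in PLAINTEXT_PORTS:
        return ("mismatch", f"scheme is ldaps:// but port {port} is a plaintext port")
    if scheme == "ldap":
        return ("plaintext", f"ldap:// on port {port} is not LDAPS")
    return ("ok", f"LDAPS on port {port}")


def audit(urls):
    """Return (url, status, reason) for every URL that is not 'ok'."""
    results = ((u, *check_directory_url(u)) for u in urls)
    return [r for r in results if r[1] != "ok"]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real environment.
    sample = [
        "ldap://dc01.corp.example:389",    # original plaintext setting
        "ldap://dc01.corp.example:636",    # port changed, scheme forgotten
        "ldaps://dc01.corp.example:636",   # correct
        "ldaps://gc01.corp.example:3269",  # correct (Global Catalog)
    ]
    for url, status, reason in audit(sample):
        print(f"{status:9} {url}  ({reason})")
```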

