CoryRetherford.com

 

The security of this directory server can be significantly enhanced by configuring the server to enforce validation of Channel Binding Tokens received in LDAP bind requests sent over LDAPS connections. Even if no clients are issuing LDAP bind requests over LDAPS, configuring the server to validate Channel Binding Tokens will improve the security of this server.

For more details and information on how to make this configuration change to the server, please see https://go.microsoft.com/fwlink/?linkid=2102405.

How to set the client LDAP signing requirement by using a domain Group Policy Object

1. Select Start > Run, type mmc.exe, and then select OK.
2. Select File > Add/Remove Snap-in.
3. In the Add or Remove Snap-ins dialog box, select Group Policy Object Editor, and then select Add.
4. Select Browse, and then select Default Domain Policy (or the Group Policy Object for which you want to enable client LDAP signing).
5. Select OK.
6. Select Finish.
7. Select Close.
8. Select OK.
9. Select Default Domain Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies, and then select Security Options.
10. In the Network security: LDAP client signing requirements Properties dialog box, select Require signing in the list, and then select OK.
11. In the Confirm Setting Change dialog box, select Yes.