

LDAP Channel Binding and LDAP Signing


2 replies to this topic

#1 BrandonH75

    Member

  • 14 posts
  • Location: Burnsville, MN

Posted 16 January 2020 - 07:07 PM

We're doing some testing on the LDAP Channel Binding and LDAP Signing update coming to Windows soon (https://portal.msrc....isory/ADV190023). Bumping up the LDAP channel binding setting (https://support.micr...-registry-entry) on our Domain Controller doesn't affect LDAP logins from LiveZilla at all, but changing the LDAP signing setting (https://support.micr...ows-server-2008) causes a "Wrong username or password" message when trying to sign in an operator using LDAP.

Do we need to be using secure LDAP to make this work? If so, is there an easy way to enable that?

#2 BrandonH75


Posted 21 January 2020 - 06:20 PM

After more Googling I finally figured out how to get our LiveZilla to work over LDAPs (on Ubuntu 18.04) to our Domain Controller. LDAP already worked, just changed to LDAPs. There seems to be the quick way and the better way...

Quick way... In /etc/ldap/ldap.conf add the line:
TLS_REQCERT never

Or, this is probably the proper way...
Exported the Base-64 encoded X.509 CA cert from our CA.
Changed the extension from .cer to .crt
Copied to /usr/share/ca-certificates/extra/
Ran:
sudo dpkg-reconfigure ca-certificates
Select Yes, and select the extra/CACERT.crt, OK.


In the LDAP settings in LiveZilla, set host to "LDAPS://domaincontroller.domain.com" and port to 636.

As far as I can tell this is working properly.
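
Added example (not part of the original post and not LiveZilla's code): a small POSIX shell audit that reports whether a client ldap.conf still carries the "quick way" setting, which turns off verification of the domain controller's certificate, or relies on the system CA bundle as in the second approach. The function names and the sample configs are constructed for illustration; that the last TLS_REQCERT line wins when the option is repeated is an assumption.

```sh
#!/bin/sh
# Audit an OpenLDAP client config (ldap.conf) for the TLS_REQCERT level
# that decides whether the LDAPS server certificate is checked.

# Print the effective TLS_REQCERT level for the config file in $1.
# Keywords are matched case-insensitively and '#' lines are comments.
# Assumption: if the option is repeated, the last occurrence applies.
# "demand" is the libldap default when the option is absent.
ldap_reqcert_level() {
    awk '
        /^[[:space:]]*#/ { next }
        toupper($1) == "TLS_REQCERT" { level = tolower($2) }
        END { print (level == "" ? "demand" : level) }
    ' "$1"
}

# Return 0 if the server certificate is strictly validated, 1 otherwise.
ldap_conf_validates_cert() {
    case "$(ldap_reqcert_level "$1")" in
        demand|hard) return 0 ;;
        *)           return 1 ;;  # never, allow, try, or an unknown value
    esac
}

# Print a one-line verdict for the file; non-zero exit marks a weak config.
audit_ldap_conf() {
    if ldap_conf_validates_cert "$1"; then
        echo "OK    $1: TLS_REQCERT=$(ldap_reqcert_level "$1")"
    else
        echo "WEAK  $1: TLS_REQCERT=$(ldap_reqcert_level "$1") (server certificate not strictly verified)"
        return 1
    fi
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' 'BASE dc=domain,dc=com' 'TLS_REQCERT never' > "$demo_dir/quick.conf"
# The internal CA is trusted through the system bundle, so no TLS_REQCERT override.
printf '%s\n' 'BASE dc=domain,dc=com' \
    'TLS_CACERT /etc/ssl/certs/ca-certificates.crt' > "$demo_dir/proper.conf"
audit_ldap_conf "$demo_dir/quick.conf" || true
audit_ldap_conf "$demo_dir/proper.conf"
rm -rf "$demo_dir"
```

Run against the real file with `audit_ldap_conf /etc/ldap/ldap.conf`; a WEAK result means the LDAPS connection is encrypted but the server's identity is not being verified.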

#3 Patrick Keil

    Administrator

  • 3883 posts
  • Location: Singen, Germany

Posted 22 January 2020 - 11:36 AM

Thanks for sharing!




