Microsoft LDAP Hardening | March 2020

[Michael Sharp]

Hi all,

We have had the below warning from Mimecast regarding Microsoft's intention to deploy an update in March which may disrupt LDAP directory synchronisation.  Presumably this will affect Hornbill also?

 

Subject: Microsoft LDAP hardening – possible action required

Dear Customer,

Microsoft has communicated that in March 2020, a security update will automatically configure Active Directory Servers to require channel binding and Lightweight Directory Access Protocol (LDAP) signing by default. As such, if this security update is applied to your server(s) you may experience disruption to your Directory Connector. 

 

Regards,

Mike.

[Steve G]

Hi @Michael Sharp,

Thanks for the heads-up. We are already aware of the ADV190023 advisory, and are investigating what needs to be done from our end. We'll let you know here once those investigations are complete.

Cheers,

Steve

[samwoo]

Following with interest

[Steve G]

Hi @Michael Sharp & @samwoo,

We've performed a number of tests using the LDAP Import Tool and Asset Discovery in Hornbill ITOM, against a domain with all of the advisory actions applied, and all tests have passed successfully without the need for changes to any of the tools.

If anyone applies the changes and finds any edge-case issues, then please let us know here and we'll investigate further, but for the time being I'm happy that we're good to go  

Thanks,

Steve