Issue
Microsoft is planning to push out an update in March 2020 that will require LDAP channel binding and LDAP signing for LDAP connections.
(Please note, Microsoft initially planned to push the change in January.)
Solution
What does this mean for Unified Workspace?
As long as your LDAP connections for UW are using LDAPS (SSL over port 636), this update will not affect UW. If the LDAP connections are using plain text (non-SSL over port 389), this update will prevent UW from making the Simple Bind connection to your directory.
To verify that UW is using LDAPS when connecting to Active Directory:
- Browse to the 8090 Management Console of your loader (https://127.0.0.1:8090/)
- Select the Directory Tab
- Verify the Enable SSL checkbox is checked
AD LDS installations are configured to use LDAPS to connect to the AD LDS instance. However, the Sync process that syncs AD to the AD LDS instance may not be set to use LDAPS.
To verify that UW is using LDAPS when syncing AD to the AD LDS instance:
- Open webAdmin
- Expand Tree Root
- Select the container object being synced from AD
- Select the Directory Sync tab
- Verify the External Directory LDAP address contains ldaps (Example: ldaps://ADServer1.org1.local)
Connecting to AD over LDAPS (SSL) requires LDAPS support to be enabled:
Please review this Petri article for steps on enabling LDAPS support.
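
The address checks above can also be scripted. The following Python code is an added example, not part of the original article or of Unified Workspace: it classifies a directory address by scheme and, when `probe=True`, confirms that the server completes a verified TLS handshake on the LDAPS port. The function names are assumptions made for this example.

```python
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def check_directory_address(address):
    """Return (host, port, uses_ldaps) for an ldap:// or ldaps:// address."""
    parts = urlsplit(address.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an LDAP URL: {address!r}")
    port = parts.port or DEFAULT_PORTS[scheme]
    return parts.hostname, port, scheme == "ldaps"

def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Complete a TLS handshake with the directory server.

    The chain and host name are verified against the system trust store,
    or against cafile (for example an internal CA bundle) when given.
    Returns (tls_version, certificate_not_after); raises OSError
    (including ssl.SSLError) when no usable LDAPS endpoint answers.
    """
    context = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()["notAfter"]

def audit(addresses, probe=False):
    """Return {address: status} for each configured directory address."""
    report = {}
    for address in addresses:
        try:
            host, port, uses_ldaps = check_directory_address(address)
        except ValueError as exc:
            report[address] = f"INVALID: {exc}"
            continue
        if not uses_ldaps:
            # Plain-text simple binds are what the update prevents.
            report[address] = "PLAINTEXT: simple bind will be blocked"
        elif not probe:
            report[address] = "LDAPS configured"
        else:
            try:
                version, expires = probe_ldaps(host, port)
                report[address] = f"LDAPS OK: {version}, cert expires {expires}"
            except OSError as exc:
                report[address] = f"LDAPS FAILED: {exc}"
    return report
```

Run `audit([...], probe=True)` from the UW server itself so the handshake is tested over the same network path and trust store the product will use.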