LDAP server signing requirements and SASL GSS-SPNEGO on port 389

Tomasz Bielen 6 Reputation points
2023-01-11T12:56:40.92+00:00

Hi Folks

I plan to change the LDAP server signing requirements to Require signing, but in the network I can see a lot of LDAP connections based on SASL GSS-SPNEGO on port 389.

Please let me know if connections based on SASL will be blocked after the policy change or not?

I enabled LDAP logging and remediated all applications generating event log IDs like 2887, 2888, 2889.

Thanks


1 answer

  1. Thameur-BOURBITA 35,256 Reputation points
    2023-01-12T23:58:44.85+00:00

    Hi,

    Please let me know if connections based on SASL will be blocked after the policy change or not?

    The answer is yes. After enabling LDAP signing on the domain controller, all LDAP requests/connections will be rejected by the domain controller.
    I invite you to read the following article about LDAP signing:

    Microsoft article about LDAP Signing

    Please don't forget to mark helpful reply as answer
