ADV190023: Enabling LDAP channel binding and LDAP signing

Article ID: 142785

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Microsoft will introduce a change in behavior so that LDAP channel binding and LDAP signing are enabled by default.

ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

When LDAP servers are used for user authentication, can this change affect PAM behavior?

Environment

Release : 3.x
Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

If 'SSL usage' is disabled on the LDAP Configuration tab for your LDAP definition, that definition should be affected: the connection made via plain LDAP to the LDAP server would not be established.
[How to Set Up LDAP Servers for User Authentication]
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3/how-to-set-up-ldap-servers-for-user-authentication.html

Please use LDAPS instead.
[PAM and LDAPS connection and Certificate]
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=128932
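
To check ahead of the change whether a PAM appliance is still binding without SSL, a domain controller that logs Directory Service event 2889 records each client making an unsigned or cleartext bind. The script below is an added example, not Broadcom or Microsoft code: it assumes the event message text has been exported to plain text in the layout shown, and all addresses and account names in the sample are constructed.

```python
import re
from collections import Counter

# Binding Type values reported in Directory Service event 2889.
BINDING_TYPES = {0: "unsigned SASL bind", 1: "simple bind over cleartext LDAP"}

# Assumed layout of the exported event message text (IPv4 clients only).
EVENT_RE = re.compile(
    r"Client IP address:\s*(?P<ip>[\d.]+):\d+\s*"
    r"Identity the client attempted to authenticate as:\s*(?P<identity>[^\r\n]+?)\s*"
    r"Binding Type:\s*(?P<btype>\d+)"
)

# Constructed sample: message bodies of three 2889 events.
SAMPLE_EVENTS = """\
Client IP address:
192.0.2.10:49812
Identity the client attempted to authenticate as:
EXAMPLE\\svc_pam_ldap
Binding Type:
1

Client IP address:
192.0.2.10:49830
Identity the client attempted to authenticate as:
EXAMPLE\\svc_pam_ldap
Binding Type:
1

Client IP address:
192.0.2.77:50211
Identity the client attempted to authenticate as:
EXAMPLE\\app01$
Binding Type:
0
"""

def insecure_binds(text):
    """Count insecure binds per (client IP, identity, kind of bind)."""
    counts = Counter()
    for m in EVENT_RE.finditer(text):
        kind = BINDING_TYPES.get(int(m["btype"]), "unknown binding type " + m["btype"])
        counts[(m["ip"], m["identity"], kind)] += 1
    return dict(counts)

def affected_clients(text, watched_ips):
    """Return the watched addresses (e.g. PAM appliances) seen binding insecurely."""
    seen = {ip for ip, _, _ in insecure_binds(text)}
    return sorted(seen & set(watched_ips))

if __name__ == "__main__":
    print(affected_clients(SAMPLE_EVENTS, {"192.0.2.10", "192.0.2.200"}))
```

An appliance address appearing with binding type 1 corresponds to an LDAP definition with 'SSL usage' disabled, which is the case the resolution above says to move to LDAPS.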