Configure signed LDAP for user import/sync (How to)

How to configure LDAP signing for user import/sync?

Question / Problem: 

How to configure LDAP signing for user import/sync?

Answer / Solution: 

Microsoft's March 2020 update for AD/LDAP servers requires clients (such as the SafeCom Server) to negotiate LDAP signing as well.

Microsoft Tech Community article with further details:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ldap-channel-binding-and-ldap-signing-requirements-march-2020/ba-p/921536

Once the March 2020 update is applied to an LDAP server, a group policy setting on the computer running SafeCom Administrator (or on the SafeCom Master used for scheduled user imports) must be configured properly.

Microsoft article describing how to enable LDAP signing:
https://support.microsoft.com/en-us/help/935834/how-to-enable-ldap-signing-in-windows-server-2008

How to set the client LDAP signing requirement through local computer policy

  1. Click Start, type gpedit.msc, and press Enter to start the Local Group Policy Editor.
  2. Expand Local Computer Policy, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
  3. Right-click Network security: LDAP client signing requirements, and then click Properties.
  4. In the Network security: LDAP client signing requirements Properties dialog box, click to select Require signing in the drop-down list, and then click OK.
  5. In the Confirm Setting Change dialog box, click Yes.
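The policy set in the steps above is backed by a registry value on the client, which makes it easy to verify across the machines that run SafeCom Administrator or the SafeCom Master. The following PowerShell script is an added example and is not part of the original article or the SafeCom product; it assumes the standard mapping of the "Network security: LDAP client signing requirements" policy to the LDAPClientIntegrity value (0 = None, 1 = Negotiate signing, 2 = Require signing).

```powershell
# Added example (not from the SafeCom article): report and, if needed, set the
# "Network security: LDAP client signing requirements" policy on this machine.
# The policy is stored in the registry value below:
#   0 = None, 1 = Negotiate signing (OS default), 2 = Require signing
$ldapKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'
$valueName = 'LDAPClientIntegrity'
$levels    = @{ 0 = 'None'; 1 = 'Negotiate signing'; 2 = 'Require signing' }

function Get-LdapClientSigningRequirement {
    # A missing value means the operating-system default (Negotiate signing) applies.
    $current = (Get-ItemProperty -Path $ldapKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    if ($null -eq $current) { $current = 1 }
    [pscustomobject]@{
        Value       = [int]$current
        Level       = $levels[[int]$current]
        IsCompliant = ([int]$current -eq 2)   # "Require signing" is what the article asks for
    }
}

function Set-LdapClientSigningRequirement {
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateSet(0, 1, 2)][int]$Level = 2)
    # Needs an elevated session. If a domain GPO also defines this setting, it will
    # overwrite the local value at the next policy refresh, so in that case change
    # the GPO that applies to the SafeCom server rather than the local registry.
    if ($PSCmdlet.ShouldProcess("$ldapKey\$valueName", "Set to $Level ($($levels[$Level]))")) {
        Set-ItemProperty -Path $ldapKey -Name $valueName -Value $Level -Type DWord
    }
}

$before = Get-LdapClientSigningRequirement
"Current LDAP client signing requirement: $($before.Value) ($($before.Level))"
if (-not $before.IsCompliant) {
    # -WhatIf only shows the change; remove it to apply "Require signing".
    Set-LdapClientSigningRequirement -Level 2 -WhatIf
}
```

Run the check on every host that performs user import/sync against the LDAP server; a value other than 2 means the host will still attempt unsigned binds, which the updated server may reject.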


Applies to:  

Product Version
SafeCom G4
