[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Network security: LDAP client signing requirements

ID: oval:org.secpod.oval:def:35278Date: (C)2016-06-10   (M)2023-12-13
Class: COMPLIANCEFamily: windows




This security setting determines the level of data signing that is requested on behalf of clients issuing LDAP BIND requests, as follows: * None: The LDAP BIND request is issued with the options that are specified by the caller. * Negotiate signing: If Transport Layer Security/Secure Sockets Layer (TLS\SSL) has not been started, the LDAP BIND request is initiated with the LDAP data signing option set in addition to the options specified by the caller. If TLS\SSL has been started, the LDAP BIND request is initiated with the options that are specified by the caller. * Require signature: This is the same as Negotiate signing. However, if the LDAP server's intermediate saslBindInProgress response does not indicate that LDAP traffic signing is required, the caller is told that the LDAP BIND command request failed. Caution If you set the server to Require signature, you must also set the client. Not setting the client results in a loss of connection with the server. Note: This setting does not have any impact on ldap_simple_bind or ldap_simple_bind_s. No Microsoft LDAP clients that are shipped with Windows XP Professional use ldap_simple_bind or ldap_simple_bind_s to talk to a domain controller. Default: Negotiate signing. Counter Measure: Configure the Network Security: LDAP server signing requirements setting to Require signature. Potential Impact: If you configure the server to require LDAP signatures you must also configure the client. If you do not configure the client it will not be able to communicate with the server, which could cause many features to fail, including user authentication, Group Policy, and logon scripts. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP!LDAPClientIntegrity

Platform:
Microsoft Windows 10
Reference:
CCE-43458-9
CCE    1
CCE-43458-9
XCCDF    5
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_10
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_10
xccdf_org.secpod_benchmark_PCI_3_2_Windows_10
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_10
...

© SecPod Technologies