Domain Controller: LDAP server signing requirementsID: oval:org.secpod.oval:def:8732 | Date: (C)2013-01-21 (M)2023-05-09 |
Class: COMPLIANCE | Family: windows |
The Domain Controller: LDAP server signing requirements setting should be configured correctly.
This security setting determines whether the LDAP server requires signing to be negotiated with LDAP clients, as follows: * None: Data signing is not required in order to bind with the server. If the client requests data signing, the server supports it. * Require signature: Unless TLS\SSL is being used, the LDAP data signing option must be negotiated.
Fix:
(1) GPO: (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: LDAP server signing requirements
(2) KEY: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\ldapserverintegrity
Platform: |
Microsoft Windows Server 2008 R2 |