LDAP Signing

Posted on 2012-08-21
Last Modified: 2012-08-22
I am getting Event ID 2886 in a new install of Windows 2008 Server. Is there a downside to enbling the server to  reject simple LDAP bind requests and other bind requests that do not include LDAP signing?
Question by:gayagaya2
    1 Comment
    LVL 77

    Accepted Solution

    how to set it up in your domain

    This policy, as the name indicates, only impacts domain controllers. By default LDAP traffic is unsigned an unencrypted making it vulnerable to man-in-the-middle attacks and eavesdropping. This setting controls whether the domain controller signs data sent to the client which allows the client to make sure the data was not modified in transit. This is important because the client makes security decisions based on LDAP query results. For instance, member servers rely on LDAP queries to find out group membership or to determine which group policy objects should be applied.

    Featured Post

    Too many email signature changes to deal with?

    Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

    Join & Write a Comment

    With the higher take up rate of SAN’s, virtualisation etc, windows devices with more than one network interface are becoming more common.  As a general rule when a service that is installed on a Windows operating system is running, it only listens o…
    I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
    This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
    This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now