To significantly improve the security for Lightweight Directory Access Protocol (LDAP) requests to Stanford’s Active Directory (AD), University IT will enforce LDAP channel binding and LDAP signing beginning Nov. 1, 2020.
UIT is sending notifications to our IT Community colleagues to ensure that system owners and administrators are aware of this upcoming change and take action as described below.
Action required
If you are a system owner or administrator, please follow Microsoft’s guidance to enable LDAP channel binding and LDAP signing configurations. These hardened security configurations will address the vulnerability of insecure LDAP simple authentication or Simple Authentication and Security Layer (SASL) LDAP requests to Stanford’s AD.
Read more about 2020 LDAP channel binding and LDAP signing requirements for Windows.
Additional help
For additional support, please submit a Help ticket.