Directory ApacheDS / DIRSERVER-2352

LdapNetworkConnection fails bind(SaslGssApiRequest)

Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 1.0.2
    • Fix Version/s: None
    • Component/s: ldap, sasl
    • Labels: None
    • Environment: Fedora 33 5.12.12-200, AdoptOpenJDK 11.0.12.0.7, Tomcat 9.0.45

    Description

      Microsoft introduced a new requirement on AD domain controllers found here:

      https://support.microsoft.com/en-us/topic/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows-ef185fb8-00f7-167d-744c-f299a66fc00a

      This has broken binding SaslGssApiRequest with an LdapNetworkConnection that has startTls. On our DC, if I toggle the registry entry "LdapEnforceChannelBinding", the bind(SaslGssApiRequest) works again.

      There is a new JNDI environment property that can be set to use channel binding: 

      https://bugs.openjdk.java.net/browse/JDK-8245527 

      We need to be able to set this.
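
For reference, an added illustration (not code from this issue or from ApacheDS) of where the JDK-8245527 property sits when the JDK's own JNDI LDAP provider performs a GSSAPI bind over LDAPS. The host `dc.example.com`, the class name and the `buildEnv` helper are assumptions, and Kerberos credentials are assumed to be available to JGSS already.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class GssapiChannelBindingExample {

    // Environment property added by JDK-8245527.
    static final String CB_TYPE_PROPERTY = "com.sun.jndi.ldap.tls.cbtype";
    // Channel binding type: a hash of the server's TLS certificate.
    static final String CB_TYPE_VALUE = "tls-server-end-point";

    // Hypothetical helper: builds the JNDI environment for a SASL GSSAPI bind.
    static Hashtable<String, Object> buildEnv(String ldapsUrl, boolean channelBinding) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);          // TLS is required for the binding
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        if (channelBinding) {
            // Without this, a DC that enforces LdapEnforceChannelBinding rejects the bind.
            env.put(CB_TYPE_PROPERTY, CB_TYPE_VALUE);
        }
        return env;
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder URL; pass a real ldaps:// URL as the first argument to connect.
        String url = args.length > 0 ? args[0] : "ldaps://dc.example.com:636";

        System.out.println("without channel binding: " + buildEnv(url, false));
        Hashtable<String, Object> env = buildEnv(url, true);
        System.out.println("with channel binding:    " + env);

        if (args.length > 0) {
            // Creating the context performs the SASL GSSAPI bind.
            DirContext ctx = new InitialDirContext(env);
            try {
                System.out.println("Bound to " + url);
            } finally {
                ctx.close();
            }
        }
    }
}
```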

          People

            Assignee: Unassigned
            Reporter: Aaron S Dills