On Active Directory domain controllers, there are a number of unsafe standard configurations for LDAP channel binding and LDAP signing. LDAP-channel binding and LDAP-signing provide ways to increase security for communication between LDAP clients and Active Directory domain controllers. In an upcoming release, Microsoft will provide a Windows update that will change LDAP-channel binding and LDAP-signing to more secure configurations by default.
Microsoft wird aus Sicherheitsgründen LDAP damit standardmäßig nicht mehr unterstützen
Adjustments in EASY Capture Plus for LDAPS
There is no update required to use LDAPS with EASY Capture Plus. You just need to adjust one setting in EASY Capture Configuration.
Therefore please start EASY Capture Configuration. You find the shortcut normally placed on the desktop of you EASY Capture Plus Server.
Now navigate to the node /EASY CAPTURE PLUS/Software/CAPTURE ASE/Basics
You can open the configuration with a double-click on ‚Basics‘
If checkbox ‚Active‘ is checked you use LDAP authentifcation in EASY Capture Plus and you need to adjust the port to use LDAP-S. Please change the port from 389 (default LDAP port) to port 636 (default LDAPS port). There is no further action required.
You can test your LDAP-S configuration with button ‚Test‘. If your configuration is correct you see a dialog box with the message ‚Successful‘. Please close the configuration dialog with ‚Ok‘ to save the configuration. Please restart Windows service ‚EASY Capture Center‘.
If checkbox ‚Active‘ is unchecked you do not use LDAP authentification in EASY Capture Plus and no change in configuration is neccessary. Please leave dialog with ‚Cancel‘.
Certificate of the Active Directory Controller
Usually the required certificates are already known on the member servers. If errors occur when connecting via LDAPS, please check the certificates on the participating servers.
The certificate must be issued for the “server authentication” and must contain the server name and the FQDN as “DNS name” entry.
Adjustments in EASY Archive
Please also note that EASY for Exchange uses the LDAP interface in EASY Archive. To activate LDAPS in EASY archive, please check the settings according to the chapter “Directory services” in the EASY archive documentation.