{"id":107145,"date":"2020-02-27T09:57:36","date_gmt":"2020-02-27T08:57:36","guid":{"rendered":"https:\/\/easy-software.com\/?post_type=support_news&p=107145"},"modified":"2024-11-18T14:19:52","modified_gmt":"2024-11-18T13:19:52","slug":"microsoft-ldaps-patch-easy-archive","status":"publish","type":"support_news","link":"https:\/\/easy-software.com\/en\/support_news\/microsoft-ldaps-patch-easy-archive\/","title":{"rendered":"Microsoft LDAPS Patch easy Archive"},"content":{"rendered":"
\n
\n
\n
\n\n

LDAP channel binding and LDAP signing provide ways to increase the security of communications between LDAP clients and Active Directory domain controllers. A set of unsafe default configurations for LDAP channel binding and LDAP signing exists on Active Directory domain controllers that let LDAP clients communicate with them without enforcing LDAP channel binding and LDAP signing. This can open Active Directory domain controllers to elevation of privilege vulnerabilities.<\/p>\n\n\n\n

In an upcoming release, Microsoft will provide a Windows update that by default will change the LDAP channel binding and LDAP signing to more secure configurations. When the update is available, customers will be notified via a revision to this advisory.<\/p>\n\n\n\n

For security reasons, Microsoft will no longer support LDAP by default.<\/h2>\n\n\n\n

To encrypt communication with the external directory service (SSL encryption), a valid certificate is needed. This has to be created first. Alternatively, an existing certificate can be used.<\/p>\n\n\n\n

The certificate must be issued for \u201cServer Authentication\u201d and contain the server name and the fully qualified server name as a \u201cDNS Name\u201d entry.<\/p>\n\n\n\n

The certificate must be exported in DER format.<\/p>\n\n\n\n

The easy Archive server does not make use of the Certificate Store of the Windows operating system. Therefore, the certificate has to be imported into the truststore of the Java Runtime Environment of the easy Archive server.<\/p>\n\n\n\n

This is done with the keytool.exe tool, which is located in the Java Runtime subdirectory of your easy Archive installation, for example:<\/p>\n\n\n\n

c:\\<EASY Archive installation directory>\\<jre-version>\\bin\\keytool.exe -import -alias <Aliasname> -file <path\/file name of the certificate> -keystore c:\\<EASY Archive installation directory>\\<jre-version>\\lib\\security\\cacerts<\/pre>\n\n\n\n

The alias name (<Aliasname>) can be freely chosen.<\/p>\n\n\n\n

You will then be prompted to enter a password. The default password of the Java keystore is \u201cchangeit\u201d.<\/p>\n\n\n\n

Afterwards, the \u201cSSL\u201d option in the LDAP wizard (found under Configuration Manager \u2192 User Management \u2192 Directory services \u2192 right-click \u201cEdit directory service\u201d) must be activated.<\/p>\n\n\n\n

The default port for LDAPS is 636.<\/p>\n\n\n\n

Finally, the easy Archive service must be restarted.<\/p>\n\n\n


<\/p>\n","protected":false},"excerpt":{"rendered":"

For security reasons, Microsoft will no longer support LDAP by default. This is a guide for EASY Archive.<\/p>\n","protected":false},"author":64,"featured_media":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":"","_links_to":"","_links_to_target":""},"easy_product":[1181],"third-party_provider":[1188],"class_list":["post-107145","support_news","type-support_news","status-publish","format-standard","hentry","easy_product-easy-archive-en","third-party_provider-microsoft-en","no-featured-image-padding"],"acf":[],"_links":{"self":[{"href":"https:\/\/easy-software.com\/en\/wp-json\/wp\/v2\/support_news\/107145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/easy-software.com\/en\/wp-json\/wp\/v2\/support_news"}],"about":[{"href":"https:\/\/easy-software.com\/en\/wp-json\/wp\/v2\/types\/support_news"}],"author":[{"embeddable":true,"href":"https:\/\/easy-software.com\/en\/wp-json\/wp\/v2\/users\/64"}],"replies":[{"embeddable":true,"href":"https:\/\/easy-software.com\/en\/wp-json\/wp\/v2\/comments?post=107145"}],"version-history":[{"count":0,"href":"https:\/\/easy-software.com\/en\/wp-json\/wp\/v2\/support_news\/107145\/revisions"}],"wp:attachment":[{"href":"https:\/\/easy-software.com\/en\/wp-json\/wp\/v2\/media?parent=107145"}],"wp:term":[{"taxonomy":"easy_product","embeddable":true,"href":"https:\/\/easy-software.com\/en\/wp-json\/wp\/v2\/easy_product?post=107145"},{"taxonomy":"third-party_provider","embeddable":true,"href":"https:\/\/easy-software.com\/en\/wp-json\/wp\/v2\/third-party_provider?post=107145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}