Configuring LDAP channel binding

LDAP channel binding provides enhanced security for network communications between Active Directory and its clients by making LDAP authentication over SSL and TLS more secure. Starting with Version 11.3.5.1, Control Room supports LDAP channel binding to comply with the security release from Microsoft.

By default, channel binding is disabled. You can enable channel binding when required.

Procedure

  1. Go to the Control Room installation path.
  2. From the list of files in the config folder, open the um.properties file with an XML editor such as Notepad++.
  3. Define the um.ldap.channel.binding.enabled property in the um.properties file.
    For example, um.ldap.channel.binding.enabled=false
    The default value is false, which leaves channel binding disabled.
  4. Change the value to true to enable channel binding.
    Channel binding takes effect only if it is also enabled on the server side.

    To learn how to enable the channel binding on the server side, see: LDAP enforce channel binding registry entry.

  5. Save the file.
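
The procedure above as a PowerShell script that makes the edit repeatable and keeps a backup. This is an added example, not code from the product or its documentation; the script name, the -InstallPath parameter and the backup naming are assumptions.

```powershell
# Added example (hypothetical script name: Set-ChannelBinding.ps1).
# Usage: .\Set-ChannelBinding.ps1 -InstallPath '<Control Room installation path>'
param(
    [Parameter(Mandatory)] [string] $InstallPath,   # placeholder, supply the real path
    [ValidateSet('true', 'false')] [string] $Value = 'true'
)

$ErrorActionPreference = 'Stop'
$key  = 'um.ldap.channel.binding.enabled'
$file = Join-Path (Join-Path $InstallPath 'config') 'um.properties'
if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
    throw "um.properties not found at $file"
}

# ISO-8859-1 maps every byte to one character, so the file round-trips
# unchanged and no BOM is written in front of the first key.
$latin1 = [System.Text.Encoding]::GetEncoding('ISO-8859-1')
$lines  = [System.IO.File]::ReadAllLines($file, $latin1)

# Active (uncommented) definitions of the key, with '=' or ':' as separator.
$pattern = '^\s*' + [regex]::Escape($key) + '\s*[=:]'
$found   = @($lines | Where-Object { $_ -cmatch $pattern })
if ($found.Count -gt 1) {
    throw "$key is defined $($found.Count) times; resolve the duplicates by hand."
}

# Nothing to do when the property already carries the requested value.
if ($found.Count -eq 1 -and $found[0] -match ('[=:]\s*' + $Value + '\s*$')) {
    Write-Output "$key is already $Value; nothing changed."
    return
}

# Timestamped copy so the change can be rolled back.
$backup = "$file.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
Copy-Item -LiteralPath $file -Destination $backup

if ($found.Count -eq 1) {
    # Replace the existing definition in place.
    $lines = $lines | ForEach-Object { if ($_ -cmatch $pattern) { "$key=$Value" } else { $_ } }
} else {
    # Property not defined yet: append it (step 3 of the procedure).
    $lines = @($lines) + "$key=$Value"
}
[System.IO.File]::WriteAllLines($file, [string[]]$lines, $latin1)
Write-Output "Set $key=$Value in $file (backup: $backup)"
```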