Configuring LDAP signing
LDAP signing provides enhanced security for network communications between an Active Directory and its clients. To comply with an upcoming security release from Microsoft, LDAP signing is supported in Control Room starting with Version 220.127.116.11.
For more information, see https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023.
- Go to the Control Room installation path.
- From the list of files, open the um.properties file with an XML editor such as Notepad++.
Define the um.ad.quality.of.protection property in the
For example, um.ad.quality.of.protection=auth-intSelect one of the following options to define the value of the property.
If secure LDAP (LDAPS) is enabled, this option is used as the default value and this option will work whether required signing is enabled or not.
If LDAP and required signing are enabled, this option will not work.
Authentication and integrity protection
This is the default value when LDAPS is not enabled. This option will work whether required signing is enabled or not.
Authentication with integrity and privacy protection
If required LDAP signing is enabled, configure this option if you want more security such as privacy protection.
- Save the file and restart these services: Automation Anywhere Control Room Caching, Automation Anywhere Control Room Messaging, and Automation Anywhere Control Room Service.