Configuring LDAP signing

LDAP signing provides enhanced security for network communications between an Active Directory and its clients. To comply with an upcoming security release from Microsoft, LDAP signing is supported in Control Room starting with Version 11.3.4.2.

For more information, see https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023.

Procedure

  1. Go to the Control Room installation path.
  2. From the list of files, open the um.properties file with an XML editor such as Notepad++.
  3. Define the um.ad.quality.of.protection property in the um.properties file.
    For example, um.ad.quality.of.protection=auth-int
    Select one of the following options to define the value of the property.
    Option       Description
    auth         Authentication only
                 If secure LDAP (LDAPS) is enabled, this option is used as the default value and this option will work whether required signing is enabled or not.
                 If LDAP and required signing are enabled, this option will not work.
    auth-int     Authentication and integrity protection
                 This is the default value when LDAPS is not enabled. This option will work whether required signing is enabled or not.
    auth-conf    Authentication with integrity and privacy protection
                 If required LDAP signing is enabled, configure this option if you want more security such as privacy protection.

  4. Save the file and restart these services: Automation Anywhere Control Room Caching, Automation Anywhere Control Room Messaging, and Automation Anywhere Control Room Service.
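
The option rules in step 3 can be checked against the file before the services are restarted. The following Python check is an added example, not Automation Anywhere code: the function names are hypothetical, the sample file content is constructed, and the two boolean inputs (whether the connection uses LDAPS and whether the domain controller requires signing) are assumptions supplied by the operator.

```python
import re

KEY = "um.ad.quality.of.protection"
VALID = ("auth", "auth-int", "auth-conf")

# Constructed sample content, not a real um.properties file.
SAMPLE = """# LDAP quality of protection
#um.ad.quality.of.protection=auth-conf
um.ad.quality.of.protection = auth
"""

def read_qop(properties_text):
    """Return the configured value of KEY, or None if it is not set."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == KEY:
            value = m.group(2).strip() or None   # empty value counts as unset
    return value                                 # last definition wins

def check_qop(properties_text, ldaps_enabled, signing_required):
    """Return (effective_value, status, message) following the option table."""
    configured = read_qop(properties_text)
    # Defaults from the table: auth with LDAPS, auth-int without it.
    effective = configured or ("auth" if ldaps_enabled else "auth-int")
    if effective not in VALID:
        return effective, "invalid", "value must be one of " + ", ".join(VALID)
    if effective == "auth" and not ldaps_enabled and signing_required:
        return (effective, "fail",
                "auth does not work over LDAP when signing is required; "
                "use auth-int or auth-conf")
    origin = "configured" if configured else "default"
    return effective, "ok", origin + " value is compatible"

if __name__ == "__main__":
    print(check_qop(SAMPLE, ldaps_enabled=False, signing_required=True))
```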