Security

Does Microsoft enabling "LDAP signing" and "LDAP enforcement channel binding" affect Splunk?

nfutatsugi_splu
Splunk Employee
Splunk Employee

Microsoft seems to be planning a security release on January 2020 for Windows Server which enables both config by default. How this will affect Splunk?

1 Solution

nfutatsugi_splu
Splunk Employee
Splunk Employee

Splunk is using Simple Bind method for LDAP connection. For users who are:

  • Using Active Directory (AD) and
  • Choosing LDAP (AD) as authentication method for Splunk and
  • NOT using LDAPS (LDAP on SSL)

will need to take action as AD will deny connection from non-SSL connection when Simple Bind is used.

For resolution, users are required to configure AD to accept SSL connection and set SSLEnabled = 1 in authentication.conf file.

Note that if self-signed cert is used in AD, settings like TLS_REQCERT=never or TLSCACertificatePath=<path> (CA cert used to generate self-signed cert required) needs to be set in $SPLUNK_HOME/etc/openldap/ldap.conf file. (Link to documentation on this config file)

View solution in original post

spayneort
Contributor

nfutatsugi_splu
Splunk Employee
Splunk Employee

Splunk is using Simple Bind method for LDAP connection. For users who are:

  • Using Active Directory (AD) and
  • Choosing LDAP (AD) as authentication method for Splunk and
  • NOT using LDAPS (LDAP on SSL)

will need to take action as AD will deny connection from non-SSL connection when Simple Bind is used.

For resolution, users are required to configure AD to accept SSL connection and set SSLEnabled = 1 in authentication.conf file.

Note that if self-signed cert is used in AD, settings like TLS_REQCERT=never or TLSCACertificatePath=<path> (CA cert used to generate self-signed cert required) needs to be set in $SPLUNK_HOME/etc/openldap/ldap.conf file. (Link to documentation on this config file)

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...