[ https://issues.apache.org/jira/browse/DIRSERVER-2352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17408888#comment-17408888 ]

Aaron S Dills commented on DIRSERVER-2352:
------------------------------------------

Tested 2.1.0, also affected

> LdapNetworkConnection fails bind(SaslGssApiRequest) 
> ----------------------------------------------------
>
>                 Key: DIRSERVER-2352
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2352
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: kerberos, ldap
>    Affects Versions: 1.0.2
>         Environment: Fedora 33 5.12.12-200, AdoptOpenJDK 11.0.12.0.7, Tomcat 9.0.45
>            Reporter: Aaron S Dills
>            Priority: Critical
>
> Microsoft introduced a new requirement on AD domain controllers found here:
> [https://support.microsoft.com/en-us/topic/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows-ef185fb8-00f7-167d-744c-f299a66fc00a]
>  
> This has broken binding SaslGssApiRequest with an LdapNetworkConnection that 
> has startTls. On our DC if I toggle the RegistryEntry 
> "LdapEnforceChannelBinding" the bind(SaslGssApiRequest) works again.
> There is a new JNDI environment property that can be set to use channel 
> binding: 
> [https://bugs.openjdk.java.net/browse/JDK-8245527] 
> We need to be able to set this.



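As an added illustration (not code from this issue, ApacheDS or the JDK), the sketch below computes the RFC 5929 `tls-server-end-point` channel binding value, the binding type the linked JDK change supports, and the RFC 4121 `Bnd` hash a Kerberos client derives from it, which is what ties a GSSAPI bind to the TLS server certificate. All function names are hypothetical, and `sample_certificate` builds a constructed DER skeleton rather than a real certificate.

```python
import hashlib
import struct

# DER-encoded signatureAlgorithm OIDs -> hash used for the binding. RFC 5929
# section 4.1: MD5- and SHA-1-signed certificates are hashed with SHA-256.
SIG_OID_TO_HASH = {
    "2a864886f70d010105": "sha256",  # sha1WithRSAEncryption
    "2a864886f70d01010b": "sha256",  # sha256WithRSAEncryption
    "2a864886f70d01010c": "sha384",  # sha384WithRSAEncryption
    "2a8648ce3d040302": "sha256",    # ecdsa-with-SHA256
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def signature_hash(der_cert):
    """Pick the hash from Certificate.signatureAlgorithm (the second field)."""
    _, cert, _ = read_tlv(der_cert, 0)        # outer Certificate SEQUENCE
    _, _, after_tbs = read_tlv(cert, 0)       # skip tbsCertificate
    _, alg, _ = read_tlv(cert, after_tbs)     # AlgorithmIdentifier
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06 or oid.hex() not in SIG_OID_TO_HASH:
        raise ValueError("unsupported signature algorithm")
    return SIG_OID_TO_HASH[oid.hex()]

def tls_server_end_point(der_cert):
    """GSS-API application data: type prefix plus hash of the whole certificate."""
    return b"tls-server-end-point:" + hashlib.new(signature_hash(der_cert), der_cert).digest()

def kerberos_bnd(app_data):
    """RFC 4121 Bnd field: MD5 over empty addresses, then length-prefixed app data."""
    return hashlib.md5(b"\x00" * 16 + struct.pack("<I", len(app_data)) + app_data).digest()

def sample_certificate(sig_oid_hex):
    """Constructed DER skeleton (not a real certificate) with the given signature OID."""
    oid = bytes.fromhex(sig_oid_hex)
    alg = b"\x30" + bytes([len(oid) + 4]) + b"\x06" + bytes([len(oid)]) + oid + b"\x05\x00"
    body = b"\x30\x03\x02\x01\x01" + alg + b"\x03\x02\x00\xff"
    return b"\x30" + bytes([len(body)]) + body
```

A server that enforces channel binding compares this value against the certificate it presented, so a bind that omits it, or that was relayed through a different TLS session, is rejected.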