[ https://issues.apache.org/jira/browse/DIRSERVER-2352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17408888#comment-17408888 ]
Aaron S Dills commented on DIRSERVER-2352:
------------------------------------------

Tested 2.1.0, also affected

> LdapNetworkConnection fails bind(SaslGssApiRequest)
> ----------------------------------------------------
>
>                 Key: DIRSERVER-2352
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2352
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: kerberos, ldap
>    Affects Versions: 1.0.2
>         Environment: Fedora 33 5.12.12-200, AdoptOpenJDK 11.0.12.0.7, Tomcat 9.0.45
>            Reporter: Aaron S Dills
>            Priority: Critical
>
> Microsoft introduced a new requirement on AD domain controllers found here:
> [https://support.microsoft.com/en-us/topic/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows-ef185fb8-00f7-167d-744c-f299a66fc00a]
>
> This has broken binding SaslGssApiRequest with an LdapNetworkConnection that has startTls. On our DC if I toggle the RegistryEntry "LdapEnforceChannelBinding" the bind(SaslGssApiRequest) works again.
> There is a new JNDI environment property that can be set to use channel binding:
> [https://bugs.openjdk.java.net/browse/JDK-8245527]
> We need to be able to set this.

--
This message was sent by Atlassian Jira (v8.3.4#803005)
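
For reference, the JNDI property from JDK-8245527 that the report asks to be settable, shown in a plain JNDI GSSAPI bind. This is an added example, not code from the issue or from Apache Directory, and it does not use LdapNetworkConnection. Assumptions: the URL is a placeholder, a Kerberos ticket is already in the cache, the JDK includes the JDK-8245527 change, and the DC certificate is trusted by the JVM.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class GssapiBindWithChannelBinding {
    // JNDI environment property added by JDK-8245527. The value ties the
    // GSSAPI exchange to a hash of the TLS server certificate.
    static final String CB_TYPE = "com.sun.jndi.ldap.tls.cbtype";
    static final String CB_VALUE = "tls-server-end-point";

    // Build the environment for a SASL/GSSAPI bind, with or without
    // TLS channel binding data.
    static Hashtable<String, Object> buildEnv(String url, boolean channelBinding) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        if (channelBinding) {
            env.put(CB_TYPE, CB_VALUE);
        }
        return env;
    }

    // Attempt the bind and report the outcome instead of throwing.
    static String tryBind(String url, boolean channelBinding) {
        try {
            DirContext ctx = new InitialDirContext(buildEnv(url, channelBinding));
            ctx.close();
            return "bind OK";
        } catch (NamingException e) {
            return "bind failed: " + e;
        }
    }

    public static void main(String[] args) {
        // Assumption: credentials come from the Kerberos ticket cache (kinit),
        // so JGSS is allowed to look outside the current Subject.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        // Placeholder host; pass the real ldaps:// URL as the first argument.
        String url = args.length > 0 ? args[0] : "ldaps://dc.example.test:636";
        System.out.println("without channel binding: " + tryBind(url, false));
        System.out.println("with channel binding:    " + tryBind(url, true));
    }
}
```

Against a domain controller that enforces channel binding, the first attempt is the one expected to be rejected; comparing the two results separates a channel-binding failure from a Kerberos or TLS trust problem.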