Hi folks,

Question on LDAP signing and channel binding.

I have been doing some tests and research in my lab to finally understand what LDAP signing does, and the only thing I noticed is that the simple bind fails with a 'strong authentication' error unless it is done over LDAPS with a certificate.

However, it is also said that the LDAP response will be signed in order to prevent MITM attacks, so when it signs the response, it should add something to the packet. However, when I trace the network, I see nothing that indicates the sign flag. Here is a response:

This link is one of the best links I found among all the crappy links that talk about LDAP signing: https://docs.microsoft.com/en-ca/archive/blogs/askds/understanding-ldap-security-processing

There, it is clear that some sort of header is added to the LDAP response, but I do not have it. Am I missing something?

Another point that is talked about literally nowhere is 'channel binding'. Have you implemented it, and what does it do exactly?
Thanks.