Microsoft seems to be planning a security release on January 2020 for Windows Server which enables both config by default. How this will affect Splunk?
Splunk is using Simple Bind method for LDAP connection. For users who are:
will need to take action as AD will deny connection from non-SSL connection when Simple Bind is used.
For resolution, users are required to configure AD to accept SSL connection and set SSLEnabled = 1
in authentication.conf file.
Note that if self-signed cert is used in AD, settings like TLS_REQCERT=never
or TLSCACertificatePath=<path>
(CA cert used to generate self-signed cert required) needs to be set in $SPLUNK_HOME/etc/openldap/ldap.conf file. (Link to documentation on this config file)
This was moved to March 2020.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023
Splunk is using Simple Bind method for LDAP connection. For users who are:
will need to take action as AD will deny connection from non-SSL connection when Simple Bind is used.
For resolution, users are required to configure AD to accept SSL connection and set SSLEnabled = 1
in authentication.conf file.
Note that if self-signed cert is used in AD, settings like TLS_REQCERT=never
or TLSCACertificatePath=<path>
(CA cert used to generate self-signed cert required) needs to be set in $SPLUNK_HOME/etc/openldap/ldap.conf file. (Link to documentation on this config file)