Enhancing the security of a LDAP server connection

Using an unencrypted LDAP connection is a threat to system security. A hacker can obtain elevated privileges and use them to conduct MITM ("man-in-the-middle") attacks. To eliminate this vulnerability, Microsoft recommends signing LDAP connections and using channel binding. For more details, please refer to Microsoft documentation.

You can do the following to improve the security of the LDAP server connection:

• Configuring the signing requirement for LDAP clients
• Configuring the signing requirement for the LDAP server
• Verifying that client and server settings are applied
• Configuring the encryption type for Kerberos pre-authentication