ad-assurance - [AD-Assurance] RE: Encryption with LDAP signing

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

[AD-Assurance] RE: Encryption with LDAP signing

From: Ron Thielen <>
To: "" <>
Subject: [AD-Assurance] RE: Encryption with LDAP signing
Date: Fri, 13 Sep 2013 16:53:42 +0000
Accept-language: en-US

Here’s the SANS article on securing DC LDAP with SSL.

http://www.sans.org/reading-room/whitepapers/protocols/ssl-secure-ldap-traffic-microsoft-domain-controllers-33784?show=ssl-secure-ldap-traffic-microsoft-domain-controllers-33784&cat=protocols

Ron

From: [mailto:] On Behalf Of Michael W. Brogan
Sent: Friday, September 13, 2013 11:50 AM
To:
Subject: [AD-Assurance] Encryption with LDAP signing

This thread says that LDAP signing sets the security flags ADS_USE_SIGNING & ADS_USE_SEALING:

http://social.technet.microsoft.com/Forums/en-US/249c0aab-9640-496b-94d1-ecf6021ac0b9/sign-and-encrypt-ldap-traffic

This article says that ADS_USE_SEALING uses Kerberos for encryption:

http://msdn.microsoft.com/en-us/library/aa772247.aspx

Michael W. Brogan

Technical Lead, Identity and Access Management

UW Information Technology, University of Washington

206-685-7521

[AD-Assurance] Encryption with LDAP signing, Michael W. Brogan, 09/13/2013
- [AD-Assurance] RE: Encryption with LDAP signing, Ron Thielen, 09/13/2013
  - [AD-Assurance] RE: Encryption with LDAP signing, Rank, Mark, 09/13/2013

List archive

[AD-Assurance] RE: Encryption with LDAP signing