Warning - LDAP should not be used without TLS other than Diagnostic Purposes
12/20/2019
TLS protects LDAP communications by encrypting the connection (TLS is the successor to SSL). By default, TLS is enabled on a new LDAP connection. When you uncheck the ‘Use TLS’ option, you may see the warning “Warning - LDAP should not be used without TLS other than for diagnostic purposes. This is highly insecure.”
What is TLS:
Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. It is the most widely deployed security protocol in use today, and is used by web browsers and other applications that require data to be exchanged securely over a network, such as file transfers, VPN connections, instant messaging and voice over IP.
The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before any data is exchanged. In a typical scenario, only the server is authenticated and its identity is verified, while the client remains unauthenticated. Mutual authentication (both sides verified) requires public key infrastructure deployment to the clients as well. When a server and client communicate, the TLS protocol ensures that no third party can eavesdrop on, tamper with, or forge messages.
- If TLS is not desired, ignore the error: uncheck ‘Use TLS’ and click ‘OK’ when the warning appears.
- If TLS is desired, verify that the LDAP server supports TLS and is configured to accept connections over TLS. You will need to install a certificate on the server and make sure that it is listening for TLS connections on the ‘Port Number’ configured in the LDAP settings.
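A quick way to confirm the second bullet (that the LDAP server really is listening for TLS on the configured port and presents a certificate that validates), as an added example that is not part of the original article. The host name, port and CA file below are placeholders to replace with the values from your LDAP settings.

```python
"""Verify an LDAP-over-TLS (LDAPS) endpoint: reachable port, clean handshake,
certificate that chains to a trusted CA and matches the host name."""
import socket
import ssl
from typing import Optional


def tls_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client context that rejects unverified certificates and legacy protocols."""
    ctx = ssl.create_default_context(cafile=cafile)  # system CA store if None
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def check_ldaps(host: str, port: int = 636, cafile: Optional[str] = None,
                timeout: float = 5.0) -> dict:
    """Return {'ok': True, <certificate details>} or {'ok': False, 'error': ...}."""
    ctx = tls_context(cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # wrap_socket performs the TLS handshake and certificate checks here
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {
                    "ok": True,
                    "protocol": tls.version(),
                    "cipher": tls.cipher()[0],
                    "subject": dict(rdn[0] for rdn in cert.get("subject", ())),
                    "not_after": cert.get("notAfter"),
                    "san": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
                }
    except ssl.SSLCertVerificationError as exc:  # untrusted CA, name mismatch, expired
        return {"ok": False, "error": f"certificate rejected: {exc.verify_message}"}
    except ssl.SSLError as exc:  # port answers, but not with TLS (e.g. plain LDAP on 389)
        return {"ok": False, "error": f"TLS handshake failed: {exc}"}
    except OSError as exc:  # refused, timed out, DNS failure
        return {"ok": False, "error": f"port {port} not reachable: {exc}"}


if __name__ == "__main__":
    # Placeholder values; use the server and CA configured in the LDAP settings.
    print(check_ldaps("ldap.example.internal", 636, cafile="ca.pem"))
```

A result with "TLS handshake failed" usually means the configured port is serving plain LDAP rather than LDAPS, which is exactly the case the warning is about.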
For information on preparing a Windows server for LDAP communication with TLS, see:
How to Integrate LDAP over TLS with Windows Server 2012
Integrating LDAP over TLS in SonicOS Enhanced with Windows Server 2008