Ldap requests that require signing

[jlieman]

It does not appear that LDAP signing is supported for simple binds. Can support for this be added? This is commonly configured in more recent Active Directory installs as described here. https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows

Here is the error received when connecting to AD servers with this requirement. StrongAuthRequiredError: 00002028: LdapErr: DSID-0C090266, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4563

[jsumners]

Would you like to submit a pull request to add this feature? Please remember to add unit tests.

[sand123]

@jlieman do you have a workaround? I bumped into the same error. Thanks

[kushwahav]

It would be really nice to have LDAP signing support since it is a recommended security update from Microsoft.

[UziTech]

@kushwahav PRs are always welcome 😁👍

[rconstantine]

I wouldn't mind coding this, but I have no clue where to begin. I imagine there is some API on the LDAP server that needs to be used, but I can't find the docs for it. The above-linked KB doc deals with server configuration, not coding. Nor does it link to anything that would help a programmer, so far as I can tell. Thoughts?

[jsumners]

https://ldapwiki.com/wiki/LDAP%20Signing via https://duckduckgo.com/?q=ldap+signing

[jsumners]

👋

On February 22, 2023, we released version 3 of this library. As a result, we are closing this issue/pull request.

Please see issue #839 for more information, including how to proceed if you feel this closure is in error.