Content Comparison

This page serves as a record of the testing done, and remaining, for eliminating the use of unsigned protocols or plaint text LDAP from macOS computers to using resources from an Active Directory domain.

References

...

• Microsoft
  • ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
  • 2020 LDAP channel binding and LDAP signing requirement for Windows
  • LDAP Channel Binding and LDAP Signing Requirements
• Joe Schiffman's solution guide
  • Bind Mac OS to Active Directory over SSL
• Apple
  • Configure domain access in Directory Utility on Mac

 

...

EventCode 2889

...

The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection. 

Splunk

EventCode 2889

index="winevent_dc_index" source="wineventlog:directory service" EventCode="2889"

BindType

index="winevent_dc_index" source="wineventlog:directory service" EventCode="2889"
| rex field=_raw "(?ms)Binding\s+Type:\s+(?<typeBind>\d)"
| table _time, host, EventCode, ClientIPAddress, typeBind