Disable simple bind without SSL on ADAM


Today on ActiveDir.org ~Eric pointed out an interesting feature in ADAM which allows an ADAM administrator to configure an ADAM instance to reject simple bind attempts on ports without SSL.

To do this, one has to edit the properties of the CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,CN={<GUID>} object and set the RequireSecureSimpleBind attribute value to 1.

This makes the ADAM instance reject authentication attempts made using simple bind to a non-SSL port. However, it does not prevent a user or application from sending credentials in clear text to the server.

The whole interesting thread about using (or not using) simple bind, ADFS and other things can be found in the ActiveDir.org archives under the "SUBDOMAIN AND LDAP" thread. Unfortunately, the list archive search is not working at the moment (at least I can't get to it), so I can't provide you with a direct link right now (I will try to update it later).

One thought on “Disable simple bind without SSL on ADAM”

  1. The above isn't quite correct. Upon opening the properties of CN=Directory Service, you then need to find msDS-Other-Settings. RequireSecureSimpleBind is in here. It can also be changed using c:\windows\adam\dsmgmt.exe (more painful).
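
The change described in the post and the comment above, as an added example (not code from the post, the commenter or Microsoft): because msDS-Other-Settings is a multi-valued attribute of `Name=Value` strings, the script checks whether RequireSecureSimpleBind is already enforced and otherwise builds an LDIF change record that swaps only that one value. The GUID in the DN, the `ExampleOtherSetting` entry and the function names are placeholders made up for the example.

```python
"""Build an LDIF change record that sets RequireSecureSimpleBind=1.

msDS-Other-Settings holds many "Name=Value" strings, so the old value is
deleted and the new one added; every other setting is left untouched.
"""

SETTING = "RequireSecureSimpleBind"
ATTR = "msDS-Other-Settings"


def parse_other_settings(values):
    """Map lower-cased setting name -> (original string, value)."""
    parsed = {}
    for raw in values:
        name, sep, value = raw.partition("=")
        if sep:  # skip anything that is not Name=Value
            parsed[name.strip().lower()] = (raw, value.strip())
    return parsed


def is_enforced(values):
    """True only when RequireSecureSimpleBind is present and set to 1."""
    entry = parse_other_settings(values).get(SETTING.lower())
    return entry is not None and entry[1] == "1"


def build_ldif(dn, values):
    """Return LDIF that enforces the setting, or None if already enforced."""
    if is_enforced(values):
        return None
    lines = [f"dn: {dn}", "changetype: modify"]
    entry = parse_other_settings(values).get(SETTING.lower())
    if entry is not None:
        # Delete exactly the string that is stored now (e.g. "...=0").
        lines += [f"delete: {ATTR}", f"{ATTR}: {entry[0]}", "-"]
    lines += [f"add: {ATTR}", f"{ATTR}: {SETTING}=1", "-", ""]
    return "\n".join(lines)


# Constructed sample input: placeholder GUID and made-up current values.
SAMPLE_DN = ("CN=Directory Service,CN=Windows NT,CN=Services,"
             "CN=Configuration,CN={GUID-PLACEHOLDER}")
SAMPLE_VALUES = ["ExampleOtherSetting=0", "RequireSecureSimpleBind=0"]

if __name__ == "__main__":
    print(build_ldif(SAMPLE_DN, SAMPLE_VALUES))
```

As the post notes, a value of 1 only makes the server refuse the bind; clients that still attempt a simple bind on the non-SSL port have already put the password on the wire, so they need to be moved to the SSL port as well.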
