LDAP Channel binding and LDAP Signing

Recently (10 March 2020), a Windows security update was rolled out that offers protection for applications against man-in-the-middle attacks. With this update, you can now configure LDAP channel binding and LDAP signing for Active Directory servers. We highly recommend that you configure LDAP channel binding and LDAP signing, as this will prevent man-in-the-middle attacks in environments that have enabled Active Directory import in ServiceDesk Plus.

Refer to the link below for more information:

https://support.microsoft.com/en-in/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows

Refer to the links given below to learn how to configure LDAP channel binding and LDAP signing:

  1. LDAP Channel binding - https://support.microsoft.com/en-in/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry
  2. LDAP signing - https://support.microsoft.com/en-in/help/935834/how-to-enable-ldap-signing-in-windows-server

Please note that for LDAP signing, the changes must be made on both the Active Directory server and the client (an application that communicates with the Active Directory server).
After these changes, Active Directory import will not be affected, but LDAP will not work; it can be made to work by configuring LDAPS.
Restart the application after making the changes.
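
To confirm what is actually configured on the Active Directory server and on the client before and after making the changes, the registry values behind these settings can be read back. The script below is an added example, not part of the original article or of ServiceDesk Plus; it is read-only and assumes the standard Windows registry locations for `LdapEnforceChannelBinding`, `LDAPServerIntegrity` and `LDAPClientIntegrity`.

```powershell
# Added example: read-only audit of LDAP channel binding and LDAP signing settings.
# Run it locally on the domain controller and again on the client machine.

$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'   # exists on DCs only
$ldap = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'              # LDAP client settings

$settings = @(
    @{ Role = 'Server'; Path = $ntds; Name = 'LdapEnforceChannelBinding'
       Meaning = @{ 0 = 'Never'; 1 = 'When supported'; 2 = 'Always' } },
    @{ Role = 'Server'; Path = $ntds; Name = 'LDAPServerIntegrity'
       Meaning = @{ 1 = 'None'; 2 = 'Require signing' } },
    @{ Role = 'Client'; Path = $ldap; Name = 'LDAPClientIntegrity'
       Meaning = @{ 0 = 'None'; 1 = 'Negotiate signing'; 2 = 'Require signing' } }
)

$report = foreach ($s in $settings) {
    # Skip keys that do not exist on this machine (e.g. NTDS on a non-DC).
    if (-not (Test-Path $s.Path)) { continue }

    $props = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    $value = if ($props) { $props.($s.Name) } else { $null }

    # Translate the raw DWORD into the documented setting name.
    if ($null -eq $value) {
        $shown   = '(not set)'
        $meaning = 'OS default applies'
    }
    elseif ($s.Meaning.ContainsKey([int]$value)) {
        $shown   = $value
        $meaning = $s.Meaning[[int]$value]
    }
    else {
        $shown   = $value
        $meaning = 'Unrecognised value'
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Role     = $s.Role
        Setting  = $s.Name
        Value    = $shown
        Meaning  = $meaning
    }
}

$report | Format-Table -AutoSize
```

Comparing the server and client output shows whether both sides were changed, as required for LDAP signing.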