
XtremIO: Microsoft LDAP Channel Binding and LDAP Signing requirements


Symptoms

The following environments are affected:

XtremIO XMS systems using normal LDAP authentication from a Microsoft Active Directory server. Only LDAPS is supported; see the Resolution section below for more details.

The Windows OS releases affected by this change are listed here: https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

Microsoft announced changes that will update Active Directory (AD) so that its default LDAP security configuration uses LDAP Channel Binding and LDAP Signing by March 2020, in order to harden security for the AD application.

As a result, there are certain configurations required on the XtremIO XMS in order to support this change.

More details about the Microsoft changes can be found in the Microsoft article shown here:  https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

Resolution

In order to ensure this change does not affect any XMS systems that are currently using AD for user authentication, verify that Secure LDAP (LDAPS) is configured. Normal LDAP will not support the changes to Active Directory! 

To verify this configuration, perform one of the following (note: the XMS can contain multiple LDAP configurations):
  • Log in to the XMCLI and run show-ldap-configs. Collect the "LDAP-Servers" information.
  • Log in to the GUI and navigate to System Settings (gear icon) --> Security --> LDAP Configuration. Collect the "Server URL" information.

For either method used, the collected information will be similar to the following (the example below shows a configuration with two LDAP servers):
 
'ldaps://LDAP_HOSTNAME_OR_IP1:3269', 'ldaps://LDAP_HOSTNAME_OR_IP2:3269'


In this example, "ldaps" and port 3269 together indicate that LDAPS is configured on this XMS. If the URL instead says "ldap", or has a different port number than what is shown above*, then LDAPS is not configured.

*(An LDAP server can be set up to use a different port number with LDAPS authentication, but it must be verified that the LDAP server is actually listening for LDAPS traffic on the specified port number.)
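The check described above can be scripted when several XMS LDAP configurations have to be reviewed. The following Python is an added example, not Dell or XtremIO code: it parses a collected "LDAP-Servers" / "Server URL" value and applies the article's rule to each server. The function names, verdict labels and example.test hostnames are assumptions made for illustration, and probe_tls is one possible way to perform the footnote's listener check from a host that can reach the LDAP server.

```python
import re
import socket
import ssl
from urllib.parse import urlsplit

ARTICLE_LDAPS_PORT = 3269  # port shown in the article's LDAPS example

# Constructed sample of a collected "LDAP-Servers" / "Server URL" value.
SAMPLE = ("'ldaps://dc1.example.test:3269', 'ldap://dc2.example.test:389', "
          "'ldaps://dc3.example.test:636'")


def parse_server_urls(field):
    """Return the quoted URLs from the collected value, in order."""
    return re.findall(r"'([^']+)'", field)


def classify(url):
    """Apply the article's rule: ldaps scheme plus port 3269 means LDAPS."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "ldaps":
        return "not-ldaps"
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return "invalid-port"
    # Any other port falls under the footnote: confirm the listener first.
    return "ldaps" if port == ARTICLE_LDAPS_PORT else "verify-port"


def audit(field):
    """Classify every server in one LDAP configuration."""
    return [(url, classify(url)) for url in parse_server_urls(field)]


def probe_tls(host, port, timeout=5.0):
    """Footnote check: does host:port answer with a TLS handshake?"""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-ok"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted-cert"  # TLS spoken, certificate not trusted here
    except (ssl.SSLError, OSError):
        return "no-tls"


if __name__ == "__main__":
    for url, verdict in audit(SAMPLE):
        print(f"{verdict:12} {url}")
```

A "verify-port" verdict is not a failure by itself; run probe_tls against that host and port before treating the entry as LDAPS.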

Additional Information

For additional information on how to configure LDAPS, see the "Configuring the LDAP Users Authentication" section of the XtremIO User Guide.

Affected Products

XtremIO Family

Products

XtremIO Family, XtremIO HW Gen2 400GB, XtremIO HW Gen2 400GB Encrypt Capbl, XtremIO HW Gen2 400GB Encrypt Disable, XtremIO HW Gen2 400GB Exp Encrypt Disable, XtremIO HW Gen2 400GB Expandable, XtremIO HW Gen2 800GB Encrypt Capbl, XtremIO HW Gen2 800GB Encrypt Disable, XtremIO HW Gen3 40TB, XtremIO HW Gen3 40TB Encrypt Disable, XtremIO HW X2-R, XtremIO HW X2-R Encrypt Disable, XtremIO HW X2-S, XtremIO HW X2-S Encrypt Disable, XtremIO HW X2-T, XtremIO HW X2-T Encrypt Disable, XtremIO X1, XtremIO X2 ...