Securing LDAP authentication for Active Directory, July 14

For questions, please contact activedirectory@unl.edu

To improve security and align with the InCommon Bronze and Silver assurance profiles, ITS will disable plain-text LDAP authentication against Active Directory, effective July 14. This change primarily impacts Mac clients that bind to Active Directory at user login. It does not impact any currently supported Windows operating system.

Mac users whose department has a support contract with UNL ITS will receive this configuration change automatically through Casper client management. Other department IT admins also have the option of distributing the settings change via Casper. Devices that are not managed by Casper will need the settings change performed manually to enable secure LDAP connections to Active Directory. The change does not require un-binding the client computer from AD or re-binding it. All new client devices will need secure LDAP enabled before binding to AD.

To configure the change manually on Mac OS, run the following command from the Terminal as an administrator:
dsconfigad -packetencrypt ssl
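The following script is an added example for admins who want to audit a Mac before and after the change; it is not part of the ITS announcement or the Casper policy. It assumes that `dsconfigad -show` prints a "Packet encryption = <value>" line in its Administrative section (the values dsconfigad accepts are disable, allow, require and ssl), and that only "ssl" counts as compliant, matching the command above. The two sample outputs embedded in the script are constructed so the parsing logic can be exercised without an AD-bound Mac; `enforce_ssl` is the function to call on a real client.

```shell
#!/bin/sh
# Added example (not from the UNL ITS announcement): audit and, if needed,
# enforce LDAP packet encryption on an Active Directory-bound Mac.
# Assumption: `dsconfigad -show` includes a line "Packet encryption = <value>".

# Read dsconfigad -show output on stdin and print the packet-encryption value.
# Prints "unbound" when the line is absent (the Mac is not bound to AD).
packet_encrypt_value() {
    value=$(sed -n 's/^[[:space:]]*Packet encryption[[:space:]]*=[[:space:]]*//p' \
            | sed 's/[[:space:]]*$//' | head -n 1)
    if [ -z "$value" ]; then
        echo "unbound"
    else
        echo "$value"
    fi
}

# Return 0 only when the value means LDAP traffic is SSL/TLS-protected.
# "allow" and "require" refer to LDAP packet encryption negotiation, not
# an SSL session, so they are treated as non-compliant with the July 14 change.
is_compliant() {
    case "$1" in
        ssl) return 0 ;;
        *)   return 1 ;;
    esac
}

# Summarise one captured dsconfigad -show output (passed as $1).
audit() {
    v=$(printf '%s\n' "$1" | packet_encrypt_value)
    if is_compliant "$v"; then
        echo "compliant ($v)"
    else
        echo "NOT compliant ($v)"
    fi
}

# On a real Mac: check the live setting and fix it without un-binding.
# Must be run as an administrator (e.g. via sudo).
enforce_ssl() {
    current=$(dsconfigad -show | packet_encrypt_value)
    if is_compliant "$current"; then
        echo "Packet encryption already ssl; nothing to do"
        return 0
    fi
    echo "Packet encryption is '$current'; setting to ssl"
    dsconfigad -packetencrypt ssl
}

# Constructed sample outputs (abbreviated) for offline demonstration.
SAMPLE_NONCOMPLIANT='Active Directory Forest          = example.edu
Active Directory Domain          = example.edu
Advanced Options - Administrative
  Packet signing                 = allow
  Packet encryption              = allow
  Password change interval       = 14'

SAMPLE_COMPLIANT='Active Directory Forest          = example.edu
Active Directory Domain          = example.edu
Advanced Options - Administrative
  Packet signing                 = allow
  Packet encryption              = ssl
  Password change interval       = 14'

echo "sample 1: $(audit "$SAMPLE_NONCOMPLIANT")"
echo "sample 2: $(audit "$SAMPLE_COMPLIANT")"
```

On a bound Mac, source the script in an admin shell and call `enforce_ssl`; the `audit` function can also be pointed at `dsconfigad -show` output collected from several machines to build a local compliance list before ITS reports them.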
ITS is logging all plain-text LDAP connections to the domain controllers and can inform IT staff if a system or appliance is not currently in compliance.

If you are concerned about any system, appliance or application that uses LDAP to connect to the Active Directory, please contact activedirectory@unl.edu.

For more information on how UNL client management tools can streamline processes for your department's Windows and Mac clients, please contact the Enterprise Desktop Services team. Read more at http://its.unl.edu/desktop/