Hi all,
I wanted to start off by saying I am not very familiar with LDAP. I just want to make sure LDAP signing is enforced. I've enforced it through GPO, specifically the "Domain controller: LDAP server signing requirements" and "Network security: LDAP client signing requirements" settings, set to Require Signing.
This was proven to be pushed out via a Resultant Set of Policy tool report, but some pen testers report that LDAP isn't forcing signing. Also, to test on my side, I've been using the default Windows 11 LDP app, connecting to my domain controller server, to see if it prompts for a password or token of sorts.
My first question is whether this is the correct way to test if LDAP signing is turned on, or whether those GPOs I mentioned are the ones I want. I also toyed with the one titled "LDAP server channel binding token requirements" and set it to Always, but the same result shows via the LDP app.
Any help would be appreciated.