Prevent Outage Between Cisco Collaboration Services and Active Directory: Security Update to Disrupt LDAP Connections

By TBL Admin | May 20, 2020


Microsoft is updating security requirements for LDAP connections to Active Directory. After this update completes, Secure LDAP (LDAPS) will become mandatory for all LDAP connections to Active Directory from specific Cisco Collaboration applications. 

Why is this security update happening? 

The existing default settings have a vulnerability that may expose Active Directory domain controllers to elevation-of-privilege and man-in-the-middle attacks.

The Secure LDAP updates harden Active Directory's existing LDAP channel binding and LDAP signing mechanisms, making the system more secure. For more detailed information, read Microsoft's Security Advisory here.

What Cisco Collaboration applications are affected? 

This update affects all LDAP connections to Active Directory from the following Cisco Collaboration applications: 

  • Cisco Unified Communications Manager 
  • IM and Presence Service 
  • Cisco Unity Connection 
  • Cisco Expressway 
  • Cisco Meeting Server 
  • Cisco Meeting Management 
  • Cisco Jabber 
  • Cisco Unified Intelligence Center 
  • Cisco Unified Attendant Console Advanced 

When do network changes need to take place to prepare for the security update? 

Though this security update is not expected to become mandatory until the second half of the calendar year 2020, it is recommended that Cisco Collaboration applications are updated to use Secure LDAP as soon as possible. Updating will both secure your LDAP connection and ensure services remain up and running when the security update becomes mandatory. 

What happens if the security changes are not made?  

After the Microsoft update, LDAP connections to Active Directory from these applications will not work unless Secure LDAP is configured. 

How to make the change: 

For each UC application that has LDAP integration enabled:

  1. Ensure the certificate is properly installed in the trust store 
  2. Set LDAP Port to the secure port of 636 or 3269 
  3. Check the 'Use TLS' check box 

Detailed step-by-step instructions can be found here.
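
A pre-change check for the three steps above, as an added example that is not from the original post or from Cisco or Microsoft: `audit_setting` flags an integration that is still on plain LDAP, and `probe_ldaps` attempts the TLS handshake using the CA file you intend to load into the trust store. The function names, the inventory and the `example.com` host names are assumptions; the 389 to 636 and 3268 to 3269 pairing is the standard LDAP and Global Catalog port mapping.

```python
import socket
import ssl

# Standard AD ports: plain LDAP / Global Catalog -> their TLS equivalents.
SECURE_PORT = {389: 636, 3268: 3269}
LDAPS_PORTS = set(SECURE_PORT.values())


def audit_setting(port, use_tls):
    """Return the changes an LDAP integration still needs (empty list = ready)."""
    findings = []
    if port not in LDAPS_PORTS:
        target = SECURE_PORT.get(port)
        findings.append(f"change port {port} to {target}" if target
                        else f"port {port} is not 636 or 3269")
    if not use_tls:
        findings.append("check 'Use TLS'")
    return findings


def probe_ldaps(host, port, ca_file=None, timeout=5.0):
    """Attempt the TLS handshake the application will perform after the change.

    ca_file is the PEM CA certificate planned for the application's trust
    store (an assumption of this example); None uses the system store.
    """
    ctx = ssl.create_default_context(cafile=ca_file)  # checks chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"ok": True, "tls": tls.version(),
                        "not_after": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as exc:  # CA missing or name mismatch
        return {"ok": False, "stage": "certificate", "error": exc.verify_message}
    except ssl.SSLError as exc:                  # port open but not speaking TLS
        return {"ok": False, "stage": "tls", "error": str(exc)}
    except OSError as exc:                       # refused, timed out, DNS failure
        return {"ok": False, "stage": "connect", "error": str(exc)}


if __name__ == "__main__":
    # Constructed inventory; application labels and host names are placeholders.
    inventory = [("cucm", "dc01.example.com", 389, False),
                 ("expressway", "dc01.example.com", 636, True)]
    for app, host, port, use_tls in inventory:
        print(app, audit_setting(port, use_tls) or "settings ready")
```

A `certificate` stage failure from `probe_ldaps` means step 1 is not done yet for that CA file or the name used for the domain controller does not match its certificate.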

 

Getting Help:  

Subscribe Customers: This update is included in your Subscribe agreement.

Limelight Plus Customers: Details and documentation will be provided. For assistance, a ticket can be submitted. 

No maintenance agreement: Reach out to us here. 

 

 
