Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-216887 | VCWN-65-000068 | SV-216887r612237_rule | Medium |
Description |
---|
LDAP (Lightweight Directory Access Protocol) is an industry standard protocol for querying directory services such as Active Directory. This protocol can operate in clear text or over an SSL/TLS encrypted tunnel. To protect confidentiality of LDAP communications the LDAPS option must be selected when adding an LDAP identity source in vSphere SSO. |
STIG | Date |
---|---|
VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide | 2021-06-23 |
Check Text ( C-18118r531363_chk ) |
---|
Note: This requirement is applicable for Active Directory over LDAP connections and Not Applicable when the vCenter or PSC server is joined to AD and using integrated windows authentication. From the vSphere Web Client go to Administration >> Single Sign-On >> Configuration. Click the "Identity Sources" tab. For each identity source of type "Active Directory", highlight the item and click the pencil icon to open the edit dialog. If the LDAPs box at the bottom is not checked, this is a finding. |
Fix Text (F-18116r366376_fix) |
---|
From the vSphere Web Client go to Administration >> Single Sign-On >> Configuration. Click the "Identity Sources" tab. For each identity source of type "Active Directory" where LDAPS is not configured, highlight the item and click the pencil icon to open the edit dialog. Check the box at the bottom for LDAPS and click "Next". Click the green plus button to upload the trusted DC certificate or click the magnifying glass to extract the certificate from the DC directly. Click "Next". Click "Finish". |