TLS cipher suite for LDAPS configuration on PAM 2.8.3

Document ID : KB000010837
Last Modified Date : 14/02/2018
Introduction:

Since PAM 2.8, an LDAP domain can be configured to use LDAP over SSL (LDAPS). This article lists the TLS version and cipher suites that PAM 2.8.x uses for the LDAPS connection, so that the Active Directory server can be configured to accept them.

Background:

PAM 2.8 adds the option to configure an LDAP domain using an LDAP over SSL (LDAPS) connection. The LDAPS setting is located on the Config, 3rd Party page in the Add LDAP Domain panel, selectable from the SSL Usage drop-down list. When selected, the Port field is automatically populated with the default port number for LDAPS connections (636).

Environment:
PAM 2.8.3
Windows 2012 R2 - AD with LDAPS configured
Instructions:

Once LDAPS is set up on the Active Directory server, TLS 1.0 and the cipher suites below must remain enabled on the domain controller, because these are what PAM 2.8.x uses to negotiate the LDAPS connection. If a hardening baseline on the domain controller disables TLS 1.0 or removes these suites from the Schannel cipher suite order, the PAM LDAPS connection will fail.

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
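The following PowerShell script is an added example, not part of this article or of the PAM product; run it on the domain controller to check the three things that decide whether the handshake above can succeed: the Schannel TLS 1.0 server setting, the presence of the two RSA/AES-CBC suites in the effective cipher suite order, and a live TLS 1.0 handshake against the LDAPS port of the kind PAM 2.8.x performs. The domain controller name `dc01.example.local` is a placeholder assumption; the registry paths are the standard Schannel and cipher-suite-order locations on Windows Server 2012 R2.

```powershell
# Added example (not from the CA PAM article): verify that a Windows Server 2012 R2
# domain controller will still accept the TLS 1.0 / RSA-AES-CBC handshake that
# PAM 2.8.x uses for LDAPS.  Run on the DC itself.  $DomainController is an
# assumed placeholder; use the FQDN that appears in the DC's server certificate.
param(
    [string]$DomainController = 'dc01.example.local',   # assumed name
    [int]$Port = 636                                     # default LDAPS port
)

# --- 1. Schannel protocol state for TLS 1.0 (server side) ---
# If the key is absent, the Windows default applies, which on 2012 R2 leaves TLS 1.0 enabled.
$protoKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'
if (Test-Path $protoKey) {
    $p = Get-ItemProperty -Path $protoKey
    'TLS 1.0 server: Enabled={0} DisabledByDefault={1}' -f $p.Enabled, $p.DisabledByDefault
} else {
    'TLS 1.0 server: no override key present (Windows default applies)'
}

# --- 2. Effective cipher suite order ---
# A GPO-set list (REG_SZ, comma separated) overrides the local default (REG_MULTI_SZ).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'
if (Test-Path $policyKey) {
    $suites = ((Get-ItemProperty -Path $policyKey).Functions -split ',') | ForEach-Object { $_.Trim() }
} else {
    $suites = (Get-ItemProperty -Path $localKey).Functions
}
foreach ($needed in 'TLS_RSA_WITH_AES_128_CBC_SHA', 'TLS_RSA_WITH_AES_256_CBC_SHA') {
    $state = if ($suites -contains $needed) { 'present' } else { 'MISSING' }
    '{0}: {1}' -f $needed, $state
}

# --- 3. Live probe: a TLS 1.0 client handshake against the LDAPS port ---
# SslProtocols.Tls restricts the client to TLS 1.0, which is what PAM 2.8.x offers.
# Certificate trust is deliberately not evaluated here so that a failure reports
# the protocol/cipher problem rather than a chain problem; this is a diagnostic only.
$acceptAnyCert = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
$tcp = New-Object System.Net.Sockets.TcpClient($DomainController, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAnyCert)
    $ssl.AuthenticateAsClient($DomainController, $null,
        [System.Security.Authentication.SslProtocols]::Tls, $false)
    $summary = 'Negotiated {0}: cipher {1}-{2}, MAC {3}, key exchange {4}'
    $summary -f $ssl.SslProtocol, $ssl.CipherAlgorithm, $ssl.CipherStrength, $ssl.HashAlgorithm, $ssl.KeyExchangeAlgorithm
    $ssl.Dispose()
} catch {
    "TLS 1.0 handshake to ${DomainController}:${Port} failed: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}
```

If step 3 fails while steps 1 and 2 look correct, the client side of the probe host may itself have TLS 1.0 disabled under the corresponding `...\Protocols\TLS 1.0\Client` key; a successful run should report `Tls` with `Aes128` or `Aes256`, `Sha1` and `RsaKeyX`, which is exactly the handshake PAM 2.8.x performs.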

Additional Information:

TLS 1.2 is not supported for LDAPS in PAM 2.8.x as of this writing, but it is supported in PAM 3.0.x. Because TLS 1.0 and the RSA/AES-CBC suites above are deprecated (RFC 8996 formally deprecates TLS 1.0 and 1.1) and are commonly disabled by domain hardening baselines, keeping them enabled on the domain controller should be treated as a temporary measure; upgrading to PAM 3.0.x is the way to move the LDAPS connection to TLS 1.2.