*If your Koha site uses LDAP to authenticate via Microsoft Active Directory, and that connection is unencrypted over port 389, next month's Windows Updates due on March 10 will break your site.*
See here: https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

In summary, the update will automatically turn on "Channel Binding" for the Active Directory service. Put another way, it will bind the LDAP service to only listen via the TLS channel. Standard (unencrypted) connection attempts over port 389 will be rejected. This will prevent users from being able to log in.

If this sounds like your site, there are three options to avoid unexpected downtime:

1. Decline this update (via InTune, SCCM, WSUS, or other patch management tool). Not ideal.
2. Turn channel binding off again after installing the update. Also not ideal.
3. Update your connection to use LDAP+S over port 636. We should probably all be doing this anyway.

Unfortunately, option 3 involves obtaining and installing a TLS certificate, so it may be a bit complicated for some of us.

*This won't impact me personally (I'm using SAML SSO rather than LDAP), but I want to make sure other Koha managers have a chance to hear about this.*

Joel Coehoorn
Director of Information Technology
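One way to check whether a Koha instance is in the situation this message describes, as an added example that is not part of the original post: it reads the LDAP settings from a koha-conf.xml and reports whether each server is reached over plain LDAP or over `ldaps://`. The element names (`useldapserver`, `ldapserver`, `hostname`) and the rule that a bare host means plain LDAP on port 389 are assumptions about a typical Koha configuration, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample; element names are assumed from a typical koha-conf.xml.
SAMPLE_CONF = """<yazgfs>
  <config>
    <useldapserver>1</useldapserver>
    <ldapserver id="ldapserver">
      <hostname>dc1.example.org</hostname>
      <base>dc=example,dc=org</base>
    </ldapserver>
  </config>
</yazgfs>"""


def classify_ldap_host(value):
    """Return (scheme, host, port) for a hostname setting.

    Assumption: a bare host or host:port means plain LDAP, default port 389.
    """
    value = value.strip()
    if "://" not in value:
        value = "ldap://" + value
    parts = urlsplit(value)
    scheme = parts.scheme.lower()
    port = parts.port or (636 if scheme == "ldaps" else 389)
    return scheme, parts.hostname, port


def audit_koha_conf(xml_text):
    """List each configured LDAP server and whether it uses LDAPS."""
    root = ET.fromstring(xml_text)
    if (root.findtext(".//useldapserver") or "0").strip() != "1":
        return []  # LDAP authentication is switched off: nothing to report
    findings = []
    for server in root.iter("ldapserver"):
        raw = server.findtext("hostname") or ""
        scheme, host, port = classify_ldap_host(raw)
        findings.append({"host": host, "port": port,
                         "encrypted": scheme == "ldaps"})
    return findings


if __name__ == "__main__":
    for f in audit_koha_conf(SAMPLE_CONF):
        state = "LDAPS" if f["encrypted"] else "UNENCRYPTED, update before patching"
        print(f"{f['host']}:{f['port']} {state}")
```

To audit a real site, pass the contents of its own koha-conf.xml to `audit_koha_conf` in place of the sample.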