[cifs-protocol] 120022021002221 MS-ADTS | Optional LDAP channel-binding in Windows

[Tom Jebo]

[dochelp to bcc]
[support to cc]

Hi Isaac, 

Thank you for you question about LDAP channel-binding. One of the Open Specifications team members will respond to begin assisting you with this question. In the meantime, I've created case 120022021002221 to track and added the case number to the subject of this email. Please leave the case number in the subject and refer to it when communicating about this issue with us. 

Best regards,
Tom Jebo
Sr Escalation Engineer
Microsoft Open Specifications

-----Original Message-----
From: Isaac Boukris <iboukris at gmail.com> 
Sent: Thursday, February 20, 2020 12:11 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>; Stefan Metzmacher <metze at samba.org>; Simo Sorce <simo at redhat.com>; cifs-protocol at lists.samba.org
Subject: [EXTERNAL] MS-ADTS | Optional LDAP channel-binding in Windows

Hello dochelp,

Another question on channel-binding in LDAP, per:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4034879&data=02%7C01%7Ctomjebo%40microsoft.com%7Cf23963dfc6164976ab9b08d7b641135a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637178262928527087&sdata=4H6mAQXBg1eyihmf9zNTQ%2B2Zo78mSFACcIPbYhM%2BXVU%3D&reserved=0

The documentation says that when LdapEnforceChannelBindings=1 only client that supports channel-bindings are required to provide it. Can you please document how does this work? How the server knows the client version to apply this logic?

Thank you