Skip to content
Explore more InterSystems sites:
Australia New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brazil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
indonesian flag
Indonesia
Italy
Italy
Japan
Japan
Middle East Region
Middle East
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Explore more InterSystems sites:
Australia New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brazil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
indonesian flag
Indonesia
Italy
Italy
Japan
Japan
Middle East Region
Middle East
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Keressen, hogy többet megtudjon az InterSystems termékeiről és megoldásairól, karrierlehetőségekről és még sok másról.
Home
Product Alerts & Advisories
Advisory: LDAP Active Directory Connections

Advisory: LDAP Active Directory Connections

Feb 27, 2020

February 27, 2020 – Advisory: LDAP Active Directory Connections

Starting in March 2020, Microsoft plans to release a series of security updates that will cause Windows Active Directory (AD) servers to reject unencrypted simple binds. For more details on the changes to Active Directory, see Microsoft’s Security Advisory ADV190023.

Instances of all InterSystems products using LDAP with Windows AD servers for user login can be impacted if they are not already properly configured to use TLS/SSL. The impact is not limited to instances running on Windows versions. The potential impact exists whether instances perform LDAP authentication directly or via the Delegated Authentication mechanism.

Based on InterSystems testing using updated AD servers with the default security policies, it is recommended that you configure all LDAP AD connections to use TLS/SSL prior to applying the relevant Microsoft patches to your AD servers. See the note at the end of this advisory for guidance on configuration.

Additionally, prior to updating any AD servers, you must install Microsoft patch CVE-2017-8563 on all Windows servers that connect to these AD servers. Otherwise, the AD servers will reject connections from the Windows servers, even if they use TLS/SSL.

If you have any questions regarding this advisory, please contact the Worldwide Response Center.

Note on configuration:

  • If you are using LDAP configurations, select the Use TLS/SSL encryption for LDAP sessions checkbox, as described in the “ Using LDAP” chapter of the Security Administration Guide.
  • If you are using the %SYS.LDAP class, call the StartTLSs() method, as described in the Class Reference Documentation. The Init() and SetOption() methods are also relevant.

Both LDAP configurations and the %SYS.LDAP class must have all certificate(s) necessary to validate the AD server’s certificate used in the TLS handshake, including the Certificate Authority root certificate and any intermediate certificates. Contact your Windows Active Directory administrator to obtain a copy of the required certificate(s). Install these as appropriate:

  • For Windows clients, in the Windows local computer certificate store
  • For non-Windows clients, in a file accessible by the instance in PEM format. If exporting the certificate from Windows using the Certificate Export Wizard, this format will be called "Base-64 encoded X.509".

For more information on certificate locations, see the “ Using LDAP” chapter of the Security Administration Guide.

RELATED TOPICS
Caché Ensemble HealthShare InterSystems IRIS InterSystems IRIS for Health

Latest Alerts & Advisories

Aug 15, 2024
Product Alerts & Advisories
Alert: Database Corruption with Multi-Volume Databases after Truncation
InterSystems has corrected a defect that can cause database corruption or errors with multi-volume databases under extremely rare circumstances. Only databases that have been truncated are at risk.
More
Jul 24, 2024
Risk & Safety Alert HS2024-03: Multiple Alerts for InterSystems IRIS for Health, HealthShare Health Connect and HealthShare Solutions
There are four alerts in the HS2024-03 Alert Communication. A summary of each alert is shown below. Details for each alert are contained in the linked document.
More
Jun 24, 2024
Product Alerts & Advisories
Advisory: VMware vSAN Data Consistency Errors
Broadcom recently announced a problem that can cause data consistency errors in database applications. The Broadcom article is available here:
More
May 30, 2024
Product Alerts & Advisories
Advisory: License Enforcement Changes – REST and SOAP
Beginning with the release of InterSystems IRIS® data platform 2022.3, InterSystems corrected the license enforcement mechanism to include REST and SOAP requests. Due to this change, environments with non-core-based licenses that use REST or SOAP may experience greater license utilization after upgrading. To determine if this advisory applies to your InterSystems license, follow the instructions in the FAQ linked below.
More
May 01, 2024
Product Alerts & Advisories
Alert: SQL Query using “NOT %INLIST” fails to return results
InterSystems has corrected an issue that can cause a small number of SQL queries to return incorrect results. See below for the specifics on impacted queries.
More
Apr 08, 2024
Product Alerts & Advisories
Alert: Upgrades fail for HealthShare Health Connect instances not licensed for HL7® FHIR®
InterSystems has encountered a defect that causes some upgrades of HealthShare® Health Connect to fail. This only affects instances that are not licensed for the use of FHIR® and that have interoperability-enabled namespaces. Under these conditions, the upgrade fails with an error.
More
Mar 19, 2024
Product Alerts & Advisories
Advisory: AIX Memory Leak
In evaluating an IBM Support notification, InterSystems has determined a potential impact for our customers. The notification in question is:
More
Feb 27, 2024
Product Alerts & Advisories
Alert HS2024-limited: InterSystems IRIS for Health, Health Connect & HealthShare Solution Alert for Customers who Received an Ad Hoc Correction for HSIEO-8613
There is 1 alert in the HealthShare HS2024-limited Alert communication. An alert summary for the issue is shown is in the table below. Details for the alert are contained in the attached document: HS2024 Limited Communication.
More
Feb 01, 2024
Product Alerts & Advisories
Alert HS2024-02: Multiple InterSystems IRIS for Health, Health Connect & HealthShare Solution Alerts
There are 2 alerts in the HealthShare HS2024-02 Alert communication. An alert summary for each issue is shown is in the table below. Details for each alert are contained in the attached document: HS2024-02-Communication.
More
Jan 17, 2024
Product Alerts & Advisories
Advisory: Users Unable to Log in After Upgrade Due to Missing Index
This problem affects the following products:
More