In March 2020, Microsoft will update all Windows systems to increase security for Active Directory/LDAP authentication. To learn more, see 2020 LDAP channel binding and LDAP signing requirement for Windows.
WatchGuard recommends that you use TLS for Active Directory and LDAP authentication. With this change, it will be mandatory for Windows authentication. For instructions, see Configure LDAP Authentication.
For AuthPoint, you must also enable LDAPS in your external identity configuration. To learn more, see Sync Users from Active Directory or LDAP
WatchGuard software compatibility with the 2020 LDAP channel binding and LDAP signing requirement:
Note: The SSO Agent supports LDAPS on port 389; it does not currently support LDAPS on port 636. For more information, see https://techsearch.watchguard.com/KB/WGKnowledgeBase?lang=en_US&SFDCID=kA10H000000kCbdSAE&type=Known+Issues