VCWN-65-000068 - The vCenter Server for Windows must use LDAPS when adding an SSO identity source.

Information

LDAP (Lightweight Directory Access Protocol) is an industry-standard protocol for querying directory services such as Active Directory. This protocol can operate in clear text or over an SSL/TLS-encrypted tunnel. To protect the confidentiality of LDAP communications (including the bind credentials and directory queries sent by SSO), the LDAPS option must be selected when adding an LDAP identity source in vSphere SSO.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the vSphere Web Client, go to Administration >> Single Sign-On >> Configuration.

Click the 'Identity Sources' tab.

For each identity source of type 'Active Directory' where LDAPS is not configured, highlight the item and click the pencil icon to open the edit dialog. Check the box at the bottom for LDAPS and click 'Next'. Click the green plus button to upload the trusted DC certificate or click the magnifying glass to extract the certificate from the DC directly. Click 'Next'. Click 'Finish'.
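Since Nessus does not perform this check itself, an administrator has to verify it by hand or with a script. The following is an added example, not Tenable's, VMware's, or the STIG's own code: it audits a list of exported identity sources against this rule and offers a TLS probe for confirming that a domain controller presents a certificate the configured trust anchor accepts. It assumes the identity sources are available as dicts with `name`, `type`, `primary_url`, and `secondary_url` keys (field names are an assumption), and that the server URLs use the `ldap://host:389` / `ldaps://host:636` form entered in the vSphere edit dialog. The sample sources are constructed.

```python
"""Audit vSphere SSO identity sources for VCWN-65-000068 (LDAPS required).

Added example; not VMware's or Tenable's code. Field names and URL forms
are assumptions about how identity sources are exported.
"""
import socket
import ssl
from urllib.parse import urlsplit

# Ports that normally carry LDAP over TLS: 636 (LDAPS) and 3269 (Global Catalog over TLS).
LDAPS_PORTS = {636, 3269}

# The STIG wording scopes the rule to sources of type 'Active Directory'.
LDAP_BACKED_TYPES = {"Active Directory"}


def classify_url(url):
    """Return 'ldaps', 'ldap', 'empty' or 'unknown' for one server URL."""
    if not url:
        return "empty"
    scheme = urlsplit(url).scheme.lower()
    if scheme in ("ldaps", "ldap"):
        return scheme
    return "unknown"


def port_warning(url):
    """Return a note when an ldaps:// URL uses a port other than 636/3269, else None."""
    parts = urlsplit(url)
    if parts.scheme.lower() == "ldaps" and parts.port and parts.port not in LDAPS_PORTS:
        return f"{url}: ldaps scheme on non-standard port {parts.port}"
    return None


def is_compliant(source):
    """A source passes if it is out of scope, or every configured server URL is ldaps://.

    A source with no configured URL at all is treated as failing, because the
    check cannot confirm that LDAPS is in use.
    """
    if source.get("type") not in LDAP_BACKED_TYPES:
        return True
    configured = [u for u in (source.get("primary_url"), source.get("secondary_url")) if u]
    if not configured:
        return False
    return all(classify_url(u) == "ldaps" for u in configured)


def audit(sources):
    """Return the names of identity sources that fail VCWN-65-000068."""
    return [s["name"] for s in sources if not is_compliant(s)]


def probe_ldaps(host, port=636, ca_pem_path=None, timeout=5.0):
    """Perform a verified TLS handshake against a domain controller.

    ca_pem_path is the trusted DC/CA certificate uploaded in the SSO dialog
    (system trust store if None). Returns the peer certificate subject as a
    dict on success and raises ssl.SSLError / OSError on any verification or
    connection failure. This is a live network call and is not run offline.
    """
    ctx = ssl.create_default_context(cafile=ca_pem_path)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return dict(rdn[0] for rdn in cert["subject"])


# Constructed sample identity sources; not taken from any real vCenter.
SAMPLE_SOURCES = [
    {"name": "corp.example.com", "type": "Active Directory",
     "primary_url": "ldap://dc1.corp.example.com:389",
     "secondary_url": "ldap://dc2.corp.example.com:389"},
    {"name": "lab.example.com", "type": "Active Directory",
     "primary_url": "ldaps://dc1.lab.example.com:636",
     "secondary_url": ""},
    {"name": "mixed.example.com", "type": "Active Directory",
     "primary_url": "ldaps://dc1.mixed.example.com:636",
     "secondary_url": "ldap://dc2.mixed.example.com:389"},
    {"name": "localos", "type": "Local OS", "primary_url": "", "secondary_url": ""},
]


if __name__ == "__main__":
    failing = audit(SAMPLE_SOURCES)
    for name in failing:
        print(f"FAIL VCWN-65-000068: identity source {name!r} has a non-LDAPS server URL")
    if not failing:
        print("PASS: all Active Directory identity sources use LDAPS")
    for src in SAMPLE_SOURCES:
        for url in (src["primary_url"], src["secondary_url"]):
            note = port_warning(url)
            if note:
                print("WARN:", note)
```

The scheme check is the part that maps directly onto the finding; `probe_ldaps` is the follow-up a practitioner wants after remediation, because an `ldaps://` URL paired with an untrusted or expired DC certificate will still fail at bind time. Run the probe with the same certificate file that was uploaded through the green plus button so that the script validates the same trust path SSO will use.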

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-216887r879887_rule, STIG-ID|VCWN-65-000068, STIG-Legacy|SV-104669, STIG-Legacy|V-94839, Vuln-ID|V-216887

Plugin: VMware

Control ID: 20279dc12d7727a08ae2be68c27c66a18be268e0c553b616b2b7ac97c4caed65