This is in regard to security advisory ADV190023 and the LDAP channel binding and signing changes.
I am confused as to what is actually going to be pushed in March. Specifically, I am wondering if the default value for the LdapServerIntegrity and LdapClientIntegrity registry keys will be set to 1 or 2 as of the March update. My organization will need to communicate to customers that the .NET AD client we offer will no longer work with LDAP-based basic auth if these keys are set to 2.
Originally the March updates looked like they were going to set the keys to 2 (i.e. enforce and require LDAP signing on servers), but given the verbiage of the above advisory as well as an article I saw (I can't post links as my account isn't verified), it looks like this is not the case? If someone can clear this up for me I would appreciate it.