Forgive me, with everything going on in the world at the moment I am a bit behind the curve. I am in the process of implementing the required changes for enforced use of the new channel binding and LDAP signing requirements:
I have inherited an invalid domain (.local) so have created an AD CS hierarchy. We have created the required certificates and deployed them to our domain controllers. I can see using the ldp tool that LDAPS is working, and this is confirmed by our specifying LDAPS on the firewall for corporate VPN access.
My question is around the general confusion on the internet regarding what to do to clients. Do Windows clients just "magically" work, or do you need to deploy the certificate to each client? What do you do regarding other devices and software that use LDAP (printers, etc.)?
There doesn't seem to be any clear definitive resource on the internet that I can find.
Any help or clarification would be very helpful.
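The two things the post is unsure about can be checked empirically from a domain-joined Windows client rather than guessed at: whether the client already trusts the certificate chain the domain controller presents on 636, and what its LDAP client signing policy is. The following PowerShell is an added example written for this post, not code from the original poster or from Microsoft; the domain controller name `dc01.corp.example.local` is a placeholder to replace, and the registry locations (`Services\LDAP\LDAPClientIntegrity` on clients, `Services\NTDS\Parameters\LDAPServerIntegrity` and `LdapEnforceChannelBinding` on domain controllers) are the documented Windows settings for LDAP signing and channel binding enforcement.

```powershell
# Added example for this thread (not the poster's code). Checks, from a Windows
# client, whether the DC's LDAPS certificate chain is trusted and what the local
# LDAP signing policy is. Replace the placeholder host name before running.

function Test-LdapsTrust {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 636
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate in the handshake callback; trust is evaluated
        # explicitly below with X509Chain so the result can be reported.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Build the chain against this machine's trust stores; a False result
        # means the client does not (yet) trust the issuing CA hierarchy.
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $trusted = $chain.Build($cert)
        $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        if ([string]::IsNullOrEmpty($status)) { $status = 'NoError' }

        [pscustomobject]@{
            Host             = $HostName
            Subject          = $cert.Subject
            Issuer           = $cert.Issuer
            NotAfter         = $cert.NotAfter
            TrustedByClient  = $trusted
            ChainStatus      = $status
            NegotiatedTls    = $ssl.SslProtocol
        }
        $ssl.Dispose()
    }
    finally {
        $tcp.Dispose()
    }
}

function Get-LdapClientSigning {
    # LDAPClientIntegrity: 0 = none, 1 = negotiate signing (the default when unset), 2 = require signing
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'
    $v = (Get-ItemProperty -Path $key -Name LDAPClientIntegrity -ErrorAction SilentlyContinue).LDAPClientIntegrity
    if ($null -eq $v) { 'Not set (defaults to 1 = negotiate signing)' } else { $v }
}

function Get-LdapServerPolicy {
    # Only meaningful when run on a domain controller.
    # LDAPServerIntegrity: 1 = none, 2 = require signing
    # LdapEnforceChannelBinding: 0 = never, 1 = when supported, 2 = always
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LDAPServerIntegrity       = if ($null -eq $p.LDAPServerIntegrity) { 'Not set' } else { $p.LDAPServerIntegrity }
        LdapEnforceChannelBinding = if ($null -eq $p.LdapEnforceChannelBinding) { 'Not set' } else { $p.LdapEnforceChannelBinding }
    }
}

# Placeholder DC name; replace with one of your domain controllers.
$dc = 'dc01.corp.example.local'
Test-LdapsTrust -HostName $dc | Format-List
"LDAP client signing policy on this machine: $(Get-LdapClientSigning)"
```

Run it from an ordinary domain-joined workstation first: `TrustedByClient` being True with `ChainStatus` of `NoError` tells you the client already has the AD CS root and issuing CA in its trust stores and needs no per-client certificate deployment; anything else (for example `UntrustedRoot` or `PartialChain`) tells you exactly which part of the chain is missing. For non-Windows devices such as printers, the same question applies but has to be answered on each device: export the root CA certificate and check whether the device's own trust store accepts it, since those devices do not receive AD-published roots.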