Impact to Citrix Technology

• This update will not impact Citrix Virtual App and Desktop Windows components: The update anticipated for the second half of 2020 requires SSL/TLS encryption for communication occurring over 389 and 636 to prevent any PLAINTEXT communication over both ports.  Virtual App and Desktop Windows components do not rely on PLAINTEXT communication over 389.
• The update may impact Linux VDA.  Linux VDA depends on LDAP for VDA registration and policy evaluation. To resolve, configure LDAPS for Linux VDA. 
• The update may impact Citrix ADC/GW LDAP communication if the customer has configured the LDAP Service for PLAINTEXT. To resolve, you should modify the LDAP to use TLS or SSL as described in CTX269461.

Other Components not affected: 

• Citrix Cloud Connectors
• Citrix Apps and Desktops - Virtual Delivery Agent
• Citrix Apps and Desktops - Broker
• Workspace App
• Storefront
• Director
• App Layering
• Workspace Environment Management
• Endpoint Management

1. Enable LDAP channel binding
2. Enable LDAP signing 

For more details on the Microsoft update please refer to below link:

• ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
• LDAP Channel Binding and LDAP Signing Requirements

This update is expected in March 2020.

• https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows
• https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023
• https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry
• https://support.microsoft.com/en-us/help/935834/how-to-enable-ldap-signing-in-windows-server-2008
• https://support.citrix.com/article/CTX269461
• https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/configuration/configure-ldaps.html