
Accessing Active Directory LDAP with SSL connection over the Internet

Asked by mgudites1 in Lightweight Directory Access Protocol (LDAP), Active Directory

Tags: active directory ldap ldaps ssl

Here's the situation:  We have a vendor, hosted outside of our local network, that we want people at our company to be able to authenticate to using our internal LDAP.  We don't have an Active Directory, or other LDAP server in our DMZ capable of connecting to their servers.  All of our AD servers reside in our internal network.

Here's what we did:  we made it so one of our Active Directory servers is accessible from the outside on port 636, but ONLY to the public IP addresses being used by the vendor.  That part in itself is working fine (a telnet connection to the public IP on port 636 is successful).  The server (names changed for this example obviously) is a member of a local AD domain, and the name on the network is "server1.inside.local" (internal.local is our internal domain).  Obviously the vendor won't be able to resolve to that.  So, we bought a certificate for "server1.outside.edu" (our outside domain), applied it to the server, and added some DNS entries so our network knows to send requests for both "server1.inside.local" as well as "server1.outside.edu" to this same box.  

The problem we're having:  the LDAP communications need to be secure.  We bought a certificate for "server1.outside.edu" and applied it to the server.  As far as I can tell, the cert is installed correctly, as is the intermediate CA for the cert.  However, using Microsoft's ldp.exe utility, I can't connect to the server on port 636 at "server1.outside.edu."  I can only connect to the internal DNS name, "server1.internal.local."  Even locally, for now, forget that ultimately we want an outside vendor to connect.  I can't even connect with ldp.exe using the public name when I'm on a computer that's inside of our network -- nothing in between the server and the desktop but a switch, no firewall.  I've spent hours on this, tried everything I could think of.  I went through these instructions from Microsoft... no luck:  http://support.microsoft.com/kb/321051   I'm not sure what else to do.  How do I make this work, or should I be approaching this in another way?

So to sum up:
Server's local name:  server1.internal.local
Server's outside name (applied by DNS entry):  server1.outside.edu
Certificate for server1.outside.edu is applied to the server, but can't make a secure LDAP connection to the server using that name.  

Hopefully I explained this clearly but if anything doesn't make sense, let me know.
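The accepted solution is behind the paywall, so as an added diagnostic (not part of this thread and not from any of its participants) here is a small stdlib-only Python probe that separates the two things an LDAPS client checks before it will talk to a domain controller: that the certificate chain is trusted by the client, and that the name the client typed (server1.outside.edu or server1.internal.local in the question above) appears in the certificate's subjectAltName or, failing that, its CN. The host names, and the constructed SAMPLE_CERT dictionaries, are assumptions for illustration; the dictionary shape is the one ssl.SSLSocket.getpeercert() returns.

```python
import socket
import ssl
import sys


def names_in_cert(cert: dict) -> list:
    """Return the DNS names a certificate is valid for: every DNS entry in
    subjectAltName, falling back to the subject commonName only when the
    certificate carries no SAN at all (which is how modern clients behave)."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def hostname_matches(hostname: str, pattern: str) -> bool:
    """RFC 6125-style comparison: case-insensitive, and a single leading '*'
    matches exactly one label (so '*.outside.edu' covers server1.outside.edu
    but neither outside.edu nor a.b.outside.edu)."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(host) > 2 and host[1:] == pat[1:]
    return host == pat


def cert_valid_for(cert: dict, hostname: str) -> bool:
    """True when the client-supplied name is covered by the certificate."""
    return any(hostname_matches(hostname, name) for name in names_in_cert(cert))


def probe_ldaps(hostname: str, port: int = 636, timeout: float = 5.0) -> dict:
    """Connect to hostname:port over TLS, verify the chain against the local
    trust store but NOT the host name, then report separately whether the
    chain validated and whether the presented certificate covers the name.
    Hostname checking is disabled only so the certificate can be inspected;
    a real LDAP client must keep it on."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert() or {}
                return {
                    "chain_ok": True,
                    "names": names_in_cert(cert),
                    "name_ok": cert_valid_for(cert, hostname),
                    "error": None,
                }
    except ssl.SSLCertVerificationError as exc:
        # Chain failure (unknown CA, missing intermediate, expired): the
        # name question cannot even be asked yet.
        return {"chain_ok": False, "names": [], "name_ok": False, "error": exc.verify_message}


# Constructed sample (assumption, not a real certificate) in the shape
# getpeercert() returns: a cert bought for the public name only.
SAMPLE_CERT = {
    "subject": ((("commonName", "server1.outside.edu"),),),
    "subjectAltName": (("DNS", "server1.outside.edu"),),
}


if __name__ == "__main__":
    # Usage: python probe.py server1.outside.edu [636]
    target = sys.argv[1] if len(sys.argv) > 1 else "server1.outside.edu"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
    print(probe_ldaps(target, port))
```

Run it once against each name the client uses. A result with `chain_ok` false points at the intermediate or root not being trusted by the connecting machine; `chain_ok` true with `name_ok` false means the domain controller is presenting a certificate that does not cover the name typed in, and the `names` list shows which name it does carry, which is the first thing to compare against the certificate you intended it to serve.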
10/15/09 03:38 AM, ID: 25579122, Accepted Solution


About this solution

Zones: Lightweight Directory Access Protocol (LDAP), Active Directory
Tags: active directory ldap ldaps ssl
Solution Provided By: Arenar
Participating Experts: 1
Solution Grade: A
 
10/15/09 10:46 AM, ID: 25582898, Author Comment


 
02/04/10 10:15 AM, ID: 26487847, Administrative Comment


 
 