I have a Linux RHEL 6 webserver we have set up to host multiple websites for our organization. The server is a virtual machine, and exists on a hosted cloud. We also have, as one of the virtual machines in the cloud, a replicated domain controller with Active Directory. One of the websites we host is for employees only, and is secured by an LDAP connection to the Active Directory server we have in the cloud.
I have this working fine, but I can't figure out how to secure the LDAP connection. Right now it's plain text, but I want it to be over SSL or TLS.
What I have done so far is try exporting a certificate key from the AD server, and I also tried one of our certificates from our local certificate authority. I've placed the crt on the Linux machine, and then placed a string in the httpd.conf that points to the crt. I've added an s to ldap:// so it looks like ldaps://, and I've tried it on the 686 port for SSL, and also leaving it on the 389 port. The ports are open from what I can tell using telnet and speaking with our cloud hosting provider (making sure the firewalls are not blocking anything).
So regular LDAP works fine as it is configured, but I'm missing something about securing it. I'm not familiar with encryption and certificates, and my IT director isn't sure either... and it's just the two of us.
Can someone help me figure this all out?
Here is what the httpd.conf looks like:
AuthName "Secure Employee Portal"
AuthLDAPURL "ldap://adserver.cloudcompany.net/ou=User Accounts,dc=mydomain,dc=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=webserver ldap,OU=Users (Service Accounts),DC=mydomain,DC=local"
Let me know how I can help make this clearer as well. The real bottom line issue here is that I do not know how to set up this LDAP connection so it is secure. I think everything is there for the taking, but all the stuff I find online either doesn't work, or is not related to what I'm trying to do. If you can point me to a clear resource on how to get this going, that would be great. If you're familiar with this sort of thing and can talk me through it a little at a time, I would greatly appreciate it. Thank you!
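As an added example (not the poster's own config), here is how the fragment above would look once mod_ldap is told which CA to trust and the URL is switched to LDAPS on the standard port 636. The CA file path, the `/employees` location, and the bind password are placeholders; the `AuthType`/`Require` lines are assumed since the post does not show them.

```apache
# Global server context (httpd.conf, outside any <Directory>/<Location>):
# mod_ldap reads these once for all LDAP connections.
#
# Placeholder path: the CA certificate that ISSUED the domain controller's
# certificate (not the DC's own cert), saved in Base64/PEM form.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/mydomain-ca.crt
# Reject the connection if the server's certificate does not chain to that CA
# or its name does not match the hostname in AuthLDAPURL.
LDAPVerifyServerCert On

<Location /employees>
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Secure Employee Portal"

    # ldaps:// on 636: the session is TLS from the first byte. The hostname
    # must match the subject/SAN in the DC's certificate, or the handshake
    # is refused under LDAPVerifyServerCert On.
    AuthLDAPURL "ldaps://adserver.cloudcompany.net:636/ou=User Accounts,dc=mydomain,dc=local?sAMAccountName?sub?(objectClass=*)"

    # Alternative: keep port 389 and upgrade with STARTTLS instead. Only one of
    # the two AuthLDAPURL lines may be active at a time.
    # AuthLDAPURL "ldap://adserver.cloudcompany.net:389/ou=User Accounts,dc=mydomain,dc=local?sAMAccountName?sub?(objectClass=*)" TLS

    AuthLDAPBindDN "CN=webserver ldap,OU=Users (Service Accounts),DC=mydomain,DC=local"
    # Placeholder; the real value should be readable only by root, so keep this
    # file's permissions tight.
    AuthLDAPBindPassword "PLACEHOLDER-service-account-password"
    Require valid-user
</Location>
```

Before reloading httpd, `openssl s_client -connect adserver.cloudcompany.net:636 -CAfile /etc/pki/tls/certs/mydomain-ca.crt` should end with `Verify return code: 0 (ok)`; if it does not, the CA file is wrong for that DC and Apache will fail the same way, with the reason in the error_log.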