Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

LDAP over SSL using mail server's cert

Posted on 2013-12-06
3
Medium Priority
?
717 Views
Last Modified: 2013-12-09
I'm setting up a help desk ticketing system that's cloud hosted, and I'd like to give it access to my LDAP server so that users can login to the help desk with their familiar passwords.  I want to use SSL for security. I have a mail server/DC that has an SSL cert and public IP, and I'd like to know if I just open port 636 through my firewall and use the mail server's URL (mail.domain.com) would that work? Any suggestions are appreciated.
0
Comment
Question by:Brad212
  • 2
3 Comments
 
LVL 30

Accepted Solution

by:
Britt Thompson earned 200 total points
ID: 39702378
Yes but you'll have to add the certificate to the cert store on the server to for the client/server handshake to happen. Below is the instructions:

http://support.microsoft.com/kb/321051/en-us

If you have a Digicert certificate you can generate a duplicate to do this.
0
 

Author Comment

by:Brad212
ID: 39702430
Thank you, very helpful. Do I need a third party CA to accomplish this? Or could I just install the CA role on the server and not bother with a 3rd party CA?
0
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 39702446
As long as the server connecting to the LDAP server trusts the certificate it will work.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question