Solved

How to set up LDAP and LDAPS on a Windows 2008 R2 server

Posted on 2014-01-25
Last Modified: 2014-01-26
I have a 3rd party application that needs LDAP for authentication.  I have a Windows 2008 R2 Active Directory server, and I would like it to be used as my LDAP server.  The server and authentication are only used on my LAN.

1. How would I go about setting up unsecure LDAP on the AD server?

2. I would prefer to use LDAPS.  If I wanted to install LDAPS on the server, would I need to have a verified certificate from a provider such as GoDaddy or Verisign?  If I can just use the AD server without having to purchase a 3rd party certificate, could someone point me in the direction of how to set this up please?
Question by:hbcit

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 39809206
Having AD on the server means you have LDAP (unsecured).  I can't think of a third party app that supports LDAP that doesn't support AD but check with the vendor.

You can use a third party cert for LDAPS but you don't have to.  Check this wiki out and let us know what questions you have.

http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

Thanks

Mike

Author Comment

by:hbcit
ID: 39809353
Thanks Mike. :)  Did not know that about unsecured LDAP.  That solves that then and means I can at least start with using LDAP.

I started now with LDAPS, and am following the wiki doc you mentioned.  Must I install the AD Certificate Services role first?  I am asking as when I start with point 1 in the document, which is to run "certsrv.msc", the server does not find it.

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 250 total points
ID: 39809512
The link that Mike has provided is for an internal CA and certsrv requires you to have ADCS installed before you can use this command. If you plan on using an internal PKI (CA) I would not recommend installing this on the Domain Controller itself. Rather install it on another member server and request the certificate this way.

Personally I would recommend doing this via 3rd party as it is much easier and there is no need to install/configure a PKI (internal CA).

The link below describes how to request a CSR using "certreq", which you will be able to send off to your 3rd party once it has been generated; they will then provide you with a valid cert.

Import the cert in the Services NTDS section, as Mike's document has outlined.

Generate CSR for 3rd party SSL cert

Will.
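
The certreq CSR step described in the answer above, as an added example that is not part of the original thread or of the linked documents. The FQDN and working folder are placeholders, and the 2048-bit non-exportable key is a choice made for this example. The last function checks that the domain controller presents a certificate the client trusts on port 636.

```powershell
# Added example: request an LDAPS (Server Authentication) certificate with certreq.
# Run in an elevated PowerShell session on the domain controller.
$fqdn    = 'dc01.corp.example'   # placeholder: the name LDAP clients use to reach the DC
$workDir = 'C:\ldaps-csr'        # placeholder working folder
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Request template. The EKU OID 1.3.6.1.5.5.7.3.1 is Server Authentication;
# KeyUsage 0xa0 is digital signature plus key encipherment.
$inf = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeySpec = 1
KeyLength = 2048
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@
Set-Content -Path "$workDir\ldaps.inf" -Value $inf -Encoding ASCII

# Create the key pair in the machine store and write the CSR to send to the CA.
certreq -new "$workDir\ldaps.inf" "$workDir\ldaps.req"
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# When the CA returns the certificate, pair it with the pending private key:
#   certreq -accept "$workDir\ldaps.cer"

# Verify from a client: the TLS handshake throws if the chain or name is not trusted.
function Test-LdapsCertificate([string]$Server, [int]$Port = 636) {
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        New-Object PSObject -Property @{ Subject = $cert.Subject; Issuer = $cert.Issuer; NotAfter = $cert.NotAfter }
    } finally { $tcp.Close() }
}
# Test-LdapsCertificate -Server $fqdn
```

`certreq -accept` places the certificate in the computer's Personal store; moving it to the NTDS service store, as the wiki outlines, is a separate step.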

Author Closing Comment

by:hbcit
ID: 39809961
Thanks guys for the comments.  I have an internal CA running on my test machine now, but I will need to rethink things as it would have gone on my actual domain controller.  Thanks for the advice.