Solved

How to setup LDAP and LDAPS on a Windows 2008 R2 server

Posted on 2014-01-25
Last Modified: 2014-01-26
I have a 3rd party application that needs LDAP for authentication. I have a Windows 2008 R2 Active Directory server, and I would like it to be used as my LDAP server. The server and authentication are only used on my LAN.

1. How would I go about setting up unsecure LDAP on the AD server?

2. I would prefer to use LDAPS. If I wanted to install LDAPS on the server, would I need to have a verified certificate from a provider such as GoDaddy or Verisign? If I can just use the AD server without having to purchase a 3rd party certificate, could someone point me in the direction of how to set this up, please?
Question by:hbcit
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1000 total points
ID: 39809206
Having AD on the server means you have LDAP (unsecured). I can't think of a third party app that supports LDAP that doesn't support AD, but check with the vendor.

You can use a third-party cert for LDAPS but you don't have to. Check this wiki out and let us know what questions you have.

http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

Thanks

Mike
0
 

Author Comment

by:hbcit
ID: 39809353
Thanks Mike. :) Did not know that about unsecured LDAP. That solves that then and means I can at least start with using LDAP.

I started now with LDAPS, and am following the wiki doc you mentioned. Must I install the AD Certificate Services role first? I am asking as when I start with point 1 in the document, which is to run "certsrv.msc", the server does not find it.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 1000 total points
ID: 39809512
The link that Mike has provided is for an internal CA and certsrv requires you to have ADCS installed before you can use this command. If you plan on using an internal PKI (CA) I would not recommend installing this on the Domain Controller itself. Rather install it on another member server and request the certificate this way.

Personally I would recommend doing this via 3rd party as it is much easier and there is no need to install/configure a PKI (internal CA).

The link below describes how to request a CSR using "certreq", which you will be able to send off to your 3rd party once it has been generated; they will then provide you with a valid cert.

Import the cert in the Services NTDS section, as Mike's document has outlined.

Generate CSR for 3rd party SSL cert

Will.
0
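
The certreq step described in the answer above, as an added example that is not part of the original thread or of the linked documents. The FQDN, working folder and file names are placeholders; the 2048-bit non-exportable key is a choice made for this example.

```powershell
# Added example; run in an elevated PowerShell session on the domain controller.
# Assumption: dc01.corp.example.com stands in for the DC's real FQDN.
$dcFqdn = 'dc01.corp.example.com'
$work   = Join-Path $env:TEMP 'ldaps-csr'    # hypothetical working folder
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Request template: machine key, SChannel provider, Server Authentication EKU.
$inf = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$dcFqdn"
KeySpec = 1
KeyLength = 2048
Exportable = FALSE
MachineKeySet = TRUE
UserProtected = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@
Set-Content -Path "$work\request.inf" -Value $inf -Encoding ASCII

# 1. Generate the key pair and the CSR; send request.req to the CA.
if (-not (Test-Path "$work\request.req")) {
    certreq -new "$work\request.inf" "$work\request.req"
}

# 2. When the CA returns the certificate (saved here as certnew.cer), accept it
#    so it is paired with the private key created in step 1.
if (Test-Path "$work\certnew.cer") {
    certreq -accept "$work\certnew.cer"
}

# 3. From a client that trusts the issuing CA, confirm that port 636 completes
#    a TLS handshake and that the certificate name matches the FQDN.
function Test-Ldaps([string]$Server) {
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, 636)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
        $ssl.AuthenticateAsClient($Server)   # throws if chain or name is invalid
        $ssl.RemoteCertificate.Subject
    } finally { $tcp.Close() }
}
```

Once the certificate is installed, `Test-Ldaps dc01.corp.example.com` returns the certificate subject, or throws if the handshake or validation fails.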
 

Author Closing Comment

by:hbcit
ID: 39809961
Thanks guys for the comments.  I have an internal CA running on my test machine now, but I will need to rethink things as it would have gone on my actual domain controller.  Thanks for the advice.
0

Question has a verified solution.