?
Solved

How to setup LDAP and LDAPS on a Windows 2008 R2 server

Posted on 2014-01-25
4
Medium Priority
?
23,753 Views
1 Endorsement
Last Modified: 2014-01-26
I have a 3rd party application that needs LDAP for authentication.  I have a Windows 2008 R2 Active Directory server, and I would like it to be used as my LDAP server.  The server and authentication is only used on my LAN.

1. How would I go about setting up unsecure LDAP on the AD server?

2. I would prefer to use LDAPS.  If I wanted to install LDAPS on the server, would I need to have a verified certificate from a provider such as GoDaddy or Verisign?  If I can just use the AD server without having to purchase a 3rd party certificate, could someone point me in the direction on how to setup this please?
1
Comment
Question by:hbcit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1000 total points
ID: 39809206
Having AD on the server means you have LDAP (unsecured).  I can't think of a third party app that supports LDAP that doesn't support AD but check with the vendor.

You can use a third part cert for LDAPS but you don't have to.  Check this wiki out and let us know what questions you have

http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

Thanks

Mike
0
 

Author Comment

by:hbcit
ID: 39809353
Thanks Mike. :)  Did not know that about unsecured LDAP.  That solves that then and means I can at least start with using LDAP.

I started now with LDAPS, and following the wiki doc you mentioned.  Must I install the AD Certificate Services role first?  I am asking as when I start with point 1 in the document which is to run "certsrv.msc", the server does not find it.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 1000 total points
ID: 39809512
The link that Mike has provided is for an internal CA and certsrv requires you to have ADCS installed before you can use this command. If you plan on using an internal PKI (CA) I would not recommend installing this on the Domain Controller itself. Rather install it on another member server and request the certificate this way.

Personally I would recommend doing this via 3rd party as it is much easier and there is no need to install/configure a PKI (internal CA).

The link below describes how to request a CSR using "certreq" which you will be able to send it off to your 3rd party once it has been generated, they will then provide you with a valid cert.

Import the cert in the Services NTDS section, as Mikes document has outlined.

Generate CSR for 3rd party SSL cert

Will.
0
 

Author Closing Comment

by:hbcit
ID: 39809961
Thanks guys for the comments.  I have an internal CA running on my test machine now, but I will need to rethink things as it would have gone on my actual domain controller.  Thanks for the advice.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month11 days, 1 hour left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question