Solved

How to setup LDAP and LDAPS on a Windows 2008 R2 server

Posted on 2014-01-25
4
20,986 Views
1 Endorsement
Last Modified: 2014-01-26
I have a 3rd party application that needs LDAP for authentication.  I have a Windows 2008 R2 Active Directory server, and I would like it to be used as my LDAP server.  The server and authentication is only used on my LAN.

1. How would I go about setting up unsecure LDAP on the AD server?

2. I would prefer to use LDAPS.  If I wanted to install LDAPS on the server, would I need to have a verified certificate from a provider such as GoDaddy or Verisign?  If I can just use the AD server without having to purchase a 3rd party certificate, could someone point me in the direction on how to setup this please?
1
Comment
Question by:hbcit
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 39809206
Having AD on the server means you have LDAP (unsecured).  I can't think of a third party app that supports LDAP that doesn't support AD but check with the vendor.

You can use a third part cert for LDAPS but you don't have to.  Check this wiki out and let us know what questions you have

http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

Thanks

Mike
0
 

Author Comment

by:hbcit
ID: 39809353
Thanks Mike. :)  Did not know that about unsecured LDAP.  That solves that then and means I can at least start with using LDAP.

I started now with LDAPS, and following the wiki doc you mentioned.  Must I install the AD Certificate Services role first?  I am asking as when I start with point 1 in the document which is to run "certsrv.msc", the server does not find it.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 250 total points
ID: 39809512
The link that Mike has provided is for an internal CA and certsrv requires you to have ADCS installed before you can use this command. If you plan on using an internal PKI (CA) I would not recommend installing this on the Domain Controller itself. Rather install it on another member server and request the certificate this way.

Personally I would recommend doing this via 3rd party as it is much easier and there is no need to install/configure a PKI (internal CA).

The link below describes how to request a CSR using "certreq" which you will be able to send it off to your 3rd party once it has been generated, they will then provide you with a valid cert.

Import the cert in the Services NTDS section, as Mikes document has outlined.

Generate CSR for 3rd party SSL cert

Will.
0
 

Author Closing Comment

by:hbcit
ID: 39809961
Thanks guys for the comments.  I have an internal CA running on my test machine now, but I will need to rethink things as it would have gone on my actual domain controller.  Thanks for the advice.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Know what services you can and cannot, should and should not combine on your server.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now