[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 24979
  • Last Modified:

How to setup LDAP and LDAPS on a Windows 2008 R2 server

I have a 3rd party application that needs LDAP for authentication.  I have a Windows 2008 R2 Active Directory server, and I would like it to be used as my LDAP server.  The server and authentication is only used on my LAN.

1. How would I go about setting up unsecure LDAP on the AD server?

2. I would prefer to use LDAPS.  If I wanted to install LDAPS on the server, would I need to have a verified certificate from a provider such as GoDaddy or Verisign?  If I can just use the AD server without having to purchase a 3rd party certificate, could someone point me in the direction on how to setup this please?
1
hbcit
Asked:
hbcit
  • 2
2 Solutions
 
Mike KlineCommented:
Having AD on the server means you have LDAP (unsecured).  I can't think of a third party app that supports LDAP that doesn't support AD but check with the vendor.

You can use a third part cert for LDAPS but you don't have to.  Check this wiki out and let us know what questions you have

http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

Thanks

Mike
0
 
hbcitAuthor Commented:
Thanks Mike. :)  Did not know that about unsecured LDAP.  That solves that then and means I can at least start with using LDAP.

I started now with LDAPS, and following the wiki doc you mentioned.  Must I install the AD Certificate Services role first?  I am asking as when I start with point 1 in the document which is to run "certsrv.msc", the server does not find it.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
The link that Mike has provided is for an internal CA and certsrv requires you to have ADCS installed before you can use this command. If you plan on using an internal PKI (CA) I would not recommend installing this on the Domain Controller itself. Rather install it on another member server and request the certificate this way.

Personally I would recommend doing this via 3rd party as it is much easier and there is no need to install/configure a PKI (internal CA).

The link below describes how to request a CSR using "certreq" which you will be able to send it off to your 3rd party once it has been generated, they will then provide you with a valid cert.

Import the cert in the Services NTDS section, as Mikes document has outlined.

Generate CSR for 3rd party SSL cert

Will.
0
 
hbcitAuthor Commented:
Thanks guys for the comments.  I have an internal CA running on my test machine now, but I will need to rethink things as it would have gone on my actual domain controller.  Thanks for the advice.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now