Securing LDAP using SSL
This user guide applies to both Nodinite LDAP products, the BizTalk LDAP Adapter and the LDAP Web API, and describes how to secure the communication between the Nodinite LDAP products and your LDAP Catalog Service.
This guide is a shorthand version of the Microsoft TechNet article LDAP over SSL (LDAPS) Certificate.
In essence:
Create a new self-signed cert, or install an existing cert, on the Active Directory Domain Controller (one or more, depending on the clients and which servers these clients target)
- This cert must have the Server Authentication extended property set
- It must be installed in the Active Directory Domain Services Personal Account (NTDS\Personal) certificate store
- You may need to restart the NTDS Service or reboot the server
Install the cert on the Server with the BizTalk LDAP Adapter and/or the LDAP Web API
- This cert must be installed in the Trusted Root Certification Authorities for the local machine
- Intermediate certificates are allowed; review the following article for more information about the concept itself. In this case the root cert is installed in the Trusted Root Certification Authorities and the intermediate in Intermediate Certification Authorities
- Make sure the extended property Server Authentication still exists on the imported and now installed cert
- A reboot may be required
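The following PowerShell script is an added example, not part of the Nodinite guide, that checks the prerequisites above: it lists the NTDS\Personal store on the Domain Controller, then from the Nodinite server verifies that the certificate the DC presents on port 636 chains to the local machine's trusted roots, carries the Server Authentication EKU, and accepts an LDAP bind over SSL. The DC name `dc01.example.local` is a placeholder.

```powershell
# Added example (not from the Nodinite guide). Replace the placeholder DC name.
param([string]$DomainController = "dc01.example.local")

# 1. Run on the Domain Controller: list certs in the NTDS service's Personal
#    store (shown as NTDS\Personal in the MMC snap-in, NTDS\My to certutil).
certutil -service -store "NTDS\My"

# 2. Run on the Nodinite server (BizTalk LDAP Adapter / LDAP Web API host):
#    open a TLS session to port 636 and inspect the certificate the DC sends.
$ServerAuthOid = "1.3.6.1.5.5.7.3.1"   # Server Authentication EKU
$tcp = New-Object System.Net.Sockets.TcpClient($DomainController, 636)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
try {
    # Validates the chain against LocalMachine\Root and LocalMachine\CA
    # (Trusted Root / Intermediate CAs); throws if untrusted or name mismatch.
    $ssl.AuthenticateAsClient($DomainController)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    # The EKU extension (OID 2.5.29.37) must list Server Authentication.
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.37" }
    $hasServerAuth = $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ServerAuthOid })
    "Subject    : $($cert.Subject)"
    "Issuer     : $($cert.Issuer)"
    "Expires    : $($cert.NotAfter)"     # plan the replacement before this date
    "ServerAuth : $([bool]$hasServerAuth)"
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}

# 3. Confirm an actual LDAP bind over SSL from this machine, as the
#    Nodinite products will do. Uses the current Windows credentials.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DomainController, 636)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.Bind()   # throws on TLS or authentication failure
"LDAPS bind to ${DomainController}:636 succeeded"
$conn.Dispose()
```

Step 1 is meant to be run on the Domain Controller and steps 2 and 3 on the Nodinite server; a chain or name-mismatch error in step 2 points at the Trusted Root / Intermediate store setup described above.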
Important
You should use certificates to secure the communication. Make sure to replace them before they expire or become obsolete.
Next Step
Monitoring Certificates
Related
Nodinite Monitoring Agents