Hi All, Was looking to find someone who can help with a guide on how to have secure LDAP enabled on our DC and if we need to open a specific port on the firewall?
Currently we are on Server 2008 but plan on upgrading to 2012r2 this week.
Thanks
-
Enable LDAPS
-
I have just managed to verify LDAP over SSL (LDAPS) using ldp.exe on our DC and seems to successfully authenticate, however cannot telent port 636.
-
Telnet is most likely being blocked by the firewall(s) either on the DC and/or on the network... Also, if the telnet service is not enabled, which it would not be by default in Server 2008 and/or 2012/2012R2, then you would need to enable it as well.
Cheers,
Adam
-
@Adam-Gordon Thanks, any ideas if we can have a self signed certificate for the LDAPS or does it require third party?
-
You can do it either way. The recommendation is to ONLY use Self-Signed for testing, BUT both approaches work and are fully supported.
Take a look here for a good overview and walk-through of how to enable and use self-signed certificates:
-
http://javaxt.com/tutorials/windows/how_to_enable_ldaps_in_active_directory
-
https://anandthearchitect.com/2019/10/10/active-directory-self-signed-certificate-for-ldaps/
Good Luck !!
Cheers,
Adam
-
-
@Adam-Gordon Thank you very much for this.
We have Mimecast setup as our Spam filter and we need to update so it uses LDAPS i was wondering as we are already have Azure AD would the connector to azure ad wqork as already in the cloud? Or is this more of a question for Mimecast.
Thanks
-
Take a look at the following link:
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/mimecast-personal-portal-tutorial
Cheers,
Adam
-
@Adam-Gordon Can you help please? I am trying to configure an Azure AD Application following the below link, however was wondering do you know which Redirect URL i need to use please?
https://community.mimecast.com/s/article/Configuring-an-Azure-Active-Directory-Application-293891018
Thanks