Configuring Active Directory LDAPS
This section describes the procedure for using LDAPS to connect with Active Directory.
[ Reference ]
- The procedure described on this page is necessary only when LDAPS is used to connect with Active Directory.
- Contact Microsoft or your support vendor for inquiries about configuring Active Directory.
Follow the procedure below to configure and use LDAPS:
1. Enable LDAP signing and LDAP channel binding (Active Directory)
Enable Active Directory LDAP signing and LDAP channel binding.
Refer to the following pages for more information on the procedures to enable LDAP signing and LDAP channel binding.
- How to enable LDAP signing in Windows Server
- Use the LdapEnforceChannelBinding registry entry to make LDAP authentication over SSL/TLS more secure
2. Issue and install a server certificate (Active Directory)
Issue a certificate to be used for the LDAPS connection and install it in Active Directory by any of the following methods. A server certificate needs to be installed on every domain controller.
- Active Directory Certificate Services
Install in Active Directory a server certificate issued using Active Directory Certificate Services.
Refer to the following page for more information on the procedure to enable Active Directory Certificate Services and issue a server certificate.
- Step by Step Guide to Setting Up LDAPS on a Windows Server, “Set Up LDAPS (LDAP over SSL)”
- Third-party CA
Install in Active Directory a server certificate issued by a certification authority (CA) other than Active Directory Certificate Services.
Refer to the following page for more information on how to install a third-party CA.
[ Reference ]
If you use a third-party CA certificate, contact the certification authority (CA) that you use for inquiries about certificate settings.
[ Note ]
This module does not verify server certificates.
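As an added example (not code from the original documentation or from the module it describes), the PowerShell script below applies step 1 on the local domain controller and then performs the check an administrator wants after step 2: it opens a TLS session to port 636 on every domain controller and reports the certificate each one presents. The registry path and the value names LDAPServerIntegrity and LdapEnforceChannelBinding are Microsoft's; the function name Test-LdapsCertificate, the use of Get-ADDomainController from the RSAT ActiveDirectory module, and running in an elevated session as a Domain Admin on a domain controller are assumptions of this example.

```powershell
# Added example, not part of the original documentation or the module it describes.
# Assumptions: run in an elevated PowerShell on a domain controller as a member of
# Domain Admins; the ActiveDirectory module (RSAT) is available for Get-ADDomainController.

$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

# Step 1: LDAP signing and channel binding on this domain controller.
# LDAPServerIntegrity:       1 = none (signing only negotiated), 2 = require signing.
# LdapEnforceChannelBinding: 0 = disabled, 1 = when supported, 2 = always.
# Both values must be applied on every domain controller (Group Policy is the usual vehicle).
Set-ItemProperty -Path $ntds -Name 'LDAPServerIntegrity'       -Value 2 -Type DWord
Set-ItemProperty -Path $ntds -Name 'LdapEnforceChannelBinding' -Value 2 -Type DWord
Get-ItemProperty  -Path $ntds -Name 'LDAPServerIntegrity', 'LdapEnforceChannelBinding' |
    Select-Object LDAPServerIntegrity, LdapEnforceChannelBinding

# Step 2 check: open a TLS session to port 636 on a domain controller and report the
# certificate it presents. The validation callback accepts any certificate so that a
# wrong or expired one is reported in the output instead of hidden behind a failed
# handshake; ChainValid and DnsNames are the columns to inspect.
function Test-LdapsCertificate {
    param([Parameter(Mandatory)][string]$DomainController)

    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($DomainController, 636)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($DomainController)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            DomainController = $DomainController
            Subject          = $cert.Subject
            Issuer           = $cert.Issuer
            NotAfter         = $cert.NotAfter
            DnsNames         = ($cert.DnsNameList.Unicode -join ', ')
            Protocol         = $ssl.SslProtocol
            ChainValid       = $cert.Verify()   # chain builds to a CA trusted on this host
            Error            = $null
        }
    } catch {
        [pscustomobject]@{
            DomainController = $DomainController
            Subject = $null; Issuer = $null; NotAfter = $null; DnsNames = $null
            Protocol = $null; ChainValid = $false; Error = $_.Exception.Message
        }
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }
}

# Every domain controller must answer on 636 with a certificate that chains to a
# trusted CA and whose DnsNames cover the name clients use to reach it.
Get-ADDomainController -Filter * |
    ForEach-Object { Test-LdapsCertificate -DomainController $_.HostName } |
    Format-Table -AutoSize
```

Because the note above states that the module does not verify server certificates, a domain controller answering on port 636 with an expired or mis-issued certificate will not be rejected by the module; the ChainValid, NotAfter and DnsNames columns of this report are where such a certificate shows up, so run the check after installing the certificate on each domain controller and again before each certificate renewal.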