
how to force ldap ssl

Discussion in 'Windows Security' started by gira, Jun 19, 2009.

  1. gira

    gira Guest

    Hello,
    I'm planning to set up PKI and install a certificate on the DCs.
    Once the certificate has been installed on the DCs, how do I force the
    machines (client computers, member servers, DCs) to use SSL LDAP?
     
  2. WildPacket

    WildPacket Guest

  3. gira

    gira Guest

    How do you force the machines to use the LDAPS once the certificate has been
    installed?
    By installing the certificate, it starts to listen on the LDAPS port but
    does it force the machines to start using the SSL?

    I'm looking into security more and some third party apps would benefit from
    LDAPS.



    "WildPacket" wrote:
    > Why do you want this??????
    >
    > Read here ...
    >
    > "gira" wrote:
    > > Hello,
    > > I'm planning to set up PKI and install a certificate on the DCs.
    > > Once the certificate has been installed on the DCs, how do I force the
    > > machines (client computers, member servers, DCs) to use SSL LDAP?
     
  4. Marcel

    Marcel Guest

    The application needs to support ldaps, like ldp.exe. The moment you select
    ssl or configure the port to use to 636, it will automatically use ssl/tls. We
    confirmed this with a network sniffer.
    Another way to force an application to ssl (if it supports it) is closing
    port 389 for that machine with an acl or something on your firewall/router.

    Marcel
     
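Marcel's point is that a client only ends up on SSL if it asks for port 636 (or 3269 for the global catalog), so the first thing an admin wants after installing the certificate is confirmation that the DC really is listening there and presenting a trusted certificate. The following PowerShell check is an added example and is not from anyone in this thread; `dc01.corp.example` is a placeholder DC name, and the function name `Test-LdapsEndpoint` is my own. It performs a TLS handshake against 636 and 3269, then evaluates the chain with the local machine's trust store and reports the certificate details, which is the same view a sniffer would give you of the handshake without having to capture traffic.

```powershell
# Added example (not from the thread): confirm a DC is listening on the LDAPS
# and GC-over-SSL ports and presents a certificate the local machine trusts.
# 'dc01.corp.example' below is a placeholder; substitute your own DC name.
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)][string]$Server,
        [int[]]$Ports = @(636, 3269)
    )

    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($Server, $port)

            # Accept any certificate during the handshake so it can be inspected;
            # trust is evaluated explicitly with X509Chain further down.
            $noCheck = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $noCheck)
            $ssl.AuthenticateAsClient($Server)

            $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $trusted = $chain.Build($cert)   # $true only if the chain ends in a trusted root and is not revoked/expired

            [pscustomobject]@{
                Server      = $Server
                Port        = $port
                Listening   = $true
                Protocol    = $ssl.SslProtocol
                Subject     = $cert.Subject
                DnsName     = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
                Issuer      = $cert.Issuer
                NotAfter    = $cert.NotAfter
                ChainValid  = $trusted
                ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
            }
            $ssl.Dispose()
        }
        catch {
            # A refused or reset connection normally means no LDAPS listener yet:
            # the certificate is missing, not yet picked up by the DC, or unusable.
            [pscustomobject]@{
                Server    = $Server
                Port      = $port
                Listening = $false
                Error     = $_.Exception.Message
            }
        }
        finally {
            $client.Dispose()
        }
    }
}

Test-LdapsEndpoint -Server 'dc01.corp.example' | Format-List
```

Run it from a domain-joined machine after the certificate is installed: `Listening = $true` on both ports with `ChainValid = $true` means clients that ask for 636/3269 will get SSL, and the `DnsName` field shows whether the certificate name matches the name clients will connect with. Only once this passes does it make sense to apply Marcel's second suggestion of blocking 389/3268 for the machines that must not fall back to plaintext.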
  5. gira

    gira Guest

    Thanks guys for the info.
    What about Windows clients, e.g. the global catalog port 3269?
    Is there a way to force the DC to use the secure connection other than
    blocking the port 3268?

    "Marcel" wrote:
    > The application needs to support ldaps, like ldp.exe. The moment you select
    > ssl or configure the port to use to 636, it will automatically use ssl/tls. We
    > confirmed this with a network sniffer.
    > Another way to force an application to ssl (if it supports it) is closing
    > port 389 for that machine with an acl or something on your firewall/router.
    >
    > Marcel
     
