To connect DualShield to Active Directory via LDAP over SSL (LDAPS), you must tell your DualShield server to trust your AD server. In other words, you must import the CA certificate that was used to sign the server certificate of your AD server into the keystore of your DualShield server as a trusted root certificate.
Configure Active Directory Authentication with LDAP over SSL
First of all, make sure that your AD server is fully configured to accept SSL connections. To verify that your AD server accepts LDAPS connections, you can run the Microsoft support tool LDP.EXE on your AD server. You should see the following output:
If your AD server is not yet configured to accept SSL connections, then you must first enable SSL. The article below has detailed instructions:
It might also be useful to read the following Microsoft Articles:
The Active Directory fully qualified domain name of the domain controller (for example, povm2k3svr.parkoffice.com) must appear in one of the following places:
- The Common Name (CN) in the Subject field.
- A DNS entry in the Subject Alternative Name extension.
- Double-click the certificate and open the "Certification Path" tab.
In our example, the CA that signed the LDAPS certificate is the highlighted one, "ca".
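The steps above (fetch the domain controller's LDAPS certificate chain, confirm the DC's FQDN is the CN or a DNS SAN, identify the issuing CA at the top of the chain, import it as a trusted certificate) can be done from the command line. The script below is an added example and not part of the DualShield documentation; it assumes the DualShield keystore is a Java keystore managed with keytool, and the keystore path, alias and password are placeholders.

```shell
#!/bin/sh
# Added example, not from the DualShield documentation: pull the LDAPS
# certificate chain from a domain controller, check that the DC's FQDN is the
# CN or a DNS SAN of the server certificate, and import the topmost CA in the
# chain into a Java keystore as a trusted certificate. Keystore path, alias
# and password are placeholders, not DualShield defaults.

# name_matches FQDN CANDIDATE...: succeeds when FQDN equals one of the
# candidates (the CN followed by the DNS SANs); DNS names are case-insensitive.
name_matches() {
  want=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
  for candidate in "$@"; do
    [ "$(printf '%s' "$candidate" | tr 'A-Z' 'a-z')" = "$want" ] && return 0
  done
  return 1
}

# fetch_chain FQDN OUTDIR: s_client prints the chain leaf first, so cert1.pem is
# the DC certificate and the highest-numbered file is the CA the DC sent.
fetch_chain() {
  openssl s_client -connect "$1:636" -servername "$1" -showcerts </dev/null 2>/dev/null \
    | awk -v dir="$2" '/BEGIN CERT/{n++} {print > (dir "/cert" n ".pem")}'
}

# check_and_import FQDN KEYSTORE STOREPASS
check_and_import() {
  dir=$(mktemp -d); fetch_chain "$1" "$dir"
  leaf="$dir/cert1.pem"; ca=$(ls "$dir"/cert*.pem | tail -n 1)
  cn=$(openssl x509 -in "$leaf" -noout -subject -nameopt RFC2253 | sed -n 's/.*CN=\([^,]*\).*/\1/p')
  sans=$(openssl x509 -in "$leaf" -noout -ext subjectAltName | grep -o 'DNS:[^, ]*' | sed 's/^DNS://')
  # word-splitting $sans into one argument per SAN is intended here
  name_matches "$1" "$cn" $sans || { echo "FQDN $1 not in CN/SAN of $leaf" >&2; return 1; }
  echo "Leaf issued by: $(openssl x509 -in "$leaf" -noout -issuer)"
  # If the chain holds only the leaf (self-signed DC cert), the leaf itself is imported.
  keytool -importcert -trustcacerts -noprompt -alias ad-ldaps-ca \
    -file "$ca" -keystore "$2" -storepass "$3"
}

# Usage: ./ldaps_trust.sh DC_FQDN KEYSTORE STOREPASS  (no arguments: only define functions)
if [ "$#" -eq 3 ]; then check_and_import "$1" "$2" "$3"; fi
```

The `-ext subjectAltName` option needs OpenSSL 1.1.1 or later; on older builds use `openssl x509 -noout -text` and grep the Subject Alternative Name section instead.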