To connect DualShield to Active Directory via LDAP over SSL (LDAPS), you must tell your DualShield server to trust your AD server. In other words, you must import the CA certificate that was used to sign the server certificate of your AD server into the keystore of your DualShield server as a trusted root certificate.

Configure Active Directory Authentication with LDAP over SSL

First, make sure that your AD server is fully configured to accept SSL connections. To verify that LDAPS is enabled on your AD server, you can run the Microsoft support tool LDP.EXE on the AD server. Open a command prompt, type ldp and press Return:

...

Export CA Certificate from the AD Server

Once your AD server is configured to accept LDAPS connections, you need to export the CA certificate from your AD server.

...

    • Click Copy to file.
      The Certificate Export Wizard appears.
    • Click Next.
      The Export File Format page appears.
    • Select the Base-64 encoded X.509 (CER) file format.
      The File to Export page appears.
    • To save the certificate file to the default location, in the File Name text box, type a name for the certificate. To select a different location to save the file, click Browse. Select the location and type a file name for the certificate.
    • Click Next.
      The Completing the Certificate Export Wizard page appears.
    • Review the certificate information. Click Finish.
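
Before importing the exported file as a trusted root, it is worth confirming that it really is in the Base-64 format selected above, that it was not truncated in transit, and that its fingerprint matches the one you obtained from the CA. The following is an added example, not part of the original page or of DualShield; the function names are hypothetical, the sample bytes are constructed filler rather than a real certificate, and the DER check is structural only (it does not parse certificate fields).

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_is_complete(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE: not truncated, no trailing bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long form: low 7 bits = number of length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + length

def inspect_export(data: bytes) -> dict:
    """Classify an exported certificate file and fingerprint its DER body."""
    match = PEM_RE.search(data)
    if match:
        fmt = "base64-x509"
        try:
            der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        except ValueError:                  # binascii.Error is a ValueError
            fmt, der = "corrupt-base64", b""
    elif data[:1] == b"\x30":               # binary export chosen instead of Base-64
        fmt, der = "der-binary", data
    else:
        fmt, der = "unknown", b""
    digest = hashlib.sha256(der).hexdigest().upper() if der else ""
    return {
        "format": fmt,
        "complete": der_is_complete(der),
        "sha256": ":".join(digest[i:i + 2] for i in range(0, len(digest), 2)),
    }

# Constructed stand-in for a certificate: a valid DER SEQUENCE header over
# filler bytes, NOT a real certificate. CRLF line endings mimic a Windows export.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(SAMPLE_DER).replace(b"\n", b"\r\n")
              + b"-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    print(inspect_export(SAMPLE_PEM))
```

To check a real export, pass the file's bytes to inspect_export and compare the "sha256" value with the fingerprint received from the CA administrator through a separate channel.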

Import CA Certificate into DualShield

Next, you need to import the CA certificate into your DualShield server's keystore. DualShield's keystore is a Java keystore, and DualShield includes a tool that can be used to import certificates. Follow the steps below:

...