Re: Secure SSL with LDAP and AD
Thanks for the reference to that resource. I was unaware that such a thing
existed.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"S. Pidgorny <MVP>" <slavickp@xxxxxxxxx> wrote in message
news:OkdfXBMvIHA.4376@xxxxxxxxxxxxxxxxxxxxxxx
Note for the OP: http://support.microsoft.com/kb/321051 - How to enable
LDAP over SSL with a third-party certification authority. That applies to
self-signed certs as well. As an alternative to cheap commercial
certificates and self-signed certs, I'd consider a free online CA (i.e.
http://www.cacert.org); that's also ideal for testing.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *


"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23re$PruuIHA.5288@xxxxxxxxxxxxxxxxxxxxxxx
It is just for applications that attempt to connect on the SSL port.
Nothing in the normal Windows platform uses SSL LDAP (since it isn't even
enabled by default) for anything, so only applications that opt in to use
it will be affected.

Note that a self-signed cert is probably a very poor choice as nothing
will trust the cert by default and connections will fail by default
because of this. Self-signed certs are, generally speaking, only suitable
for test lab usage and don't really have a place in production
environments. You'd be better off buying a cheap SSL cert from GoDaddy
or something if you don't want to set up a CA.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Tom Reis" <reistom@xxxxxxxxxxxxx> wrote in message
news:%23sQnv1ouIHA.4492@xxxxxxxxxxxxxxxxxxxxxxx
We are using Windows Server 2003 and Active Directory. We have an
application that needs to authenticate to LDAP using SSL because of the
ability to change passwords. I plan on using a self-signed certificate.
My question is that, once you have installed the SSL certificate, do you
always need to authenticate to SSL LDAP, or is it just for applications
that need it?
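Added example, not code from anyone in this thread: a PowerShell script using System.DirectoryServices.Protocols that does what the OP's application has to do. It opens an LDAPS connection on port 636 (the opt-in Joe describes; nothing else on the box is affected), verifies the DC's certificate chain against the client's trusted roots so an untrusted self-signed cert is rejected with a logged reason rather than silently accepted, and then performs the unicodePwd change that AD only allows over an encrypted connection. $DcFqdn, $UserDn and the Set-AdPasswordOverLdaps function name are assumptions for illustration.

```powershell
# Added example (not from the thread). Assumes: $DcFqdn matches the name in the
# DC's certificate, $UserDn is the account changing its own password, and the
# script runs as that user so Negotiate binds with the caller's identity.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$DcFqdn = 'dc01.example.local'                         # placeholder
$UserDn = 'CN=Tom Reis,OU=Users,DC=example,DC=local'   # placeholder

$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DcFqdn, 636)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.SecureSocketLayer = $true          # LDAPS, not plain 389
$conn.SessionOptions.ProtocolVersion  = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate

# With no callback, Schannel validates the certificate and the bind just fails
# on an untrusted self-signed cert. This callback repeats the chain build only
# so the reason is written to the console. Never shorten it to { $true }: that
# accepts any certificate and defeats the point of using SSL.
$conn.SessionOptions.VerifyServerCertificate = {
    param($connection, $certificate)
    $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $trusted = $chain.Build($cert2)
    if (-not $trusted) {
        foreach ($s in $chain.ChainStatus) {
            # A self-signed DC cert shows up here as UntrustedRoot until it is
            # imported into Trusted Root Certification Authorities on the client.
            Write-Warning ('Certificate chain: {0} {1}' -f $s.Status, $s.StatusInformation.Trim())
        }
    }
    # Basic name check: the cert must be issued to the host we connected to.
    $name = $cert2.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    if ($name -ne $DcFqdn) {
        Write-Warning "Certificate name '$name' does not match '$DcFqdn'"
        $trusted = $false
    }
    $chain.Reset()
    return $trusted
}

function Set-AdPasswordOverLdaps {
    # Self-service change: delete the old unicodePwd value and add the new one
    # in a single modify. AD requires the value as UTF-16LE wrapped in quotes,
    # and rejects the operation entirely on an unencrypted connection.
    param(
        [System.DirectoryServices.Protocols.LdapConnection]$Connection,
        [string]$DistinguishedName,
        [string]$OldPassword,
        [string]$NewPassword
    )
    $enc = [System.Text.Encoding]::Unicode

    $del = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $del.Name      = 'unicodePwd'
    $del.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete
    [void]$del.Add($enc.GetBytes('"' + $OldPassword + '"'))

    $add = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $add.Name      = 'unicodePwd'
    $add.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Add
    [void]$add.Add($enc.GetBytes('"' + $NewPassword + '"'))

    $req = New-Object System.DirectoryServices.Protocols.ModifyRequest
    $req.DistinguishedName = $DistinguishedName
    [void]$req.Modifications.Add($del)
    [void]$req.Modifications.Add($add)

    $resp = $Connection.SendRequest($req)
    return $resp.ResultCode   # Success, or ConstraintViolation if policy rejects it
}

try {
    $conn.Bind()   # TLS handshake plus bind; throws LdapException if the cert is rejected
    $old = New-Object System.Net.NetworkCredential('', (Read-Host -AsSecureString 'Current password'))
    $new = New-Object System.Net.NetworkCredential('', (Read-Host -AsSecureString 'New password'))
    $rc  = Set-AdPasswordOverLdaps -Connection $conn -DistinguishedName $UserDn `
                                   -OldPassword $old.Password -NewPassword $new.Password
    Write-Host "Password change result: $rc"
}
catch [System.DirectoryServices.Protocols.LdapException] {
    Write-Host "LDAPS bind failed: $($_.Exception.Message)"
}
finally {
    $conn.Dispose()
}
```

The callback is where a self-signed certificate bites: Build() returns false with UntrustedRoot on every client that has not imported the cert, which is the "connections will fail by default" behaviour described above. The fix is to get the cert trusted (a proper CA, or at minimum distributing the self-signed cert to every client that will use LDAPS), not to make the callback return $true.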