Re: Secure SSL with LDAP and AD



Thanks for the reference to that resource. I was unaware that such a thing
existed.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"S. Pidgorny <MVP>" <slavickp@xxxxxxxxx> wrote in message
news:OkdfXBMvIHA.4376@xxxxxxxxxxxxxxxxxxxxxxx
Note for the OP: http://support.microsoft.com/kb/321051 - How to enable
LDAP over SSL with a third-party certification authority. That applies to
self-signed certs as well. As an alternative to cheap commercial
certificates and self-signed ones, I'd consider a free online CA (i.e.
http://www.cacert.org); that's also ideal for testing.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *


"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23re$PruuIHA.5288@xxxxxxxxxxxxxxxxxxxxxxx
It is just for applications that attempt to connect on the SSL port.
Nothing in the normal Windows platform uses SSL LDAP (since it isn't even
enabled by default) for anything, so only applications that opt in to use
it will be affected.

Note that a self-signed cert is probably a very poor choice, as nothing
will trust the cert by default and connections will fail by default
because of this. Self-signed certs are, generally speaking, only suitable
for test lab usage and don't really have a place in production
environments. You'd be better off buying a cheap SSL cert from GoDaddy
or something if you don't want to set up a CA.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Tom Reis" <reistom@xxxxxxxxxxxxx> wrote in message
news:%23sQnv1ouIHA.4492@xxxxxxxxxxxxxxxxxxxxxxx
We are using Windows Server 2003 and Active Directory. We have an
application that needs to authenticate to LDAP using SSL because of the
ability to change passwords. I plan on using a self-signed certificate.
My question is that, once you have installed the SSL certificate, do you
always need to authenticate to SSL LDAP or is it just for applications
that need it?
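
The trust failure described in this thread, reproduced offline as an added example (not code from any poster): it uses the openssl command line as a stand-in for an LDAPS client's certificate check and shows that a self-signed certificate is rejected until that exact certificate is explicitly imported as trusted. The host-name check goes slightly beyond the thread; `dc01.example.test` and `ldap.example.test` are constructed names, and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added demo. dc01.example.test is a constructed host name, not from the thread.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed certificate for host $1 (key.pem and cert.pem in $WORK).
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
}

# Succeed only if a client connecting to host $2 would accept certificate $1.
# $3 (optional) is a PEM file of roots the client was explicitly told to trust.
client_trusts() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$3" -verify_hostname "$2" "$1" >/dev/null 2>&1
    else
        openssl verify -verify_hostname "$2" "$1" >/dev/null 2>&1
    fi
}

# Print "accepted" or "rejected" for the same arguments as client_trusts.
report() {
    if client_trusts "$@"; then echo accepted; else echo rejected; fi
}

make_self_signed dc01.example.test
# Default store: nothing vouches for the cert, so the client refuses it.
echo "default trust store:       $(report "$WORK/cert.pem" dc01.example.test)"
# Only after importing this very cert as a trusted root does the check pass.
echo "cert imported as trusted:  $(report "$WORK/cert.pem" dc01.example.test "$WORK/cert.pem")"
# Even when trusted, the name in the cert must match the name the client dials.
echo "imported, wrong host name: $(report "$WORK/cert.pem" ldap.example.test "$WORK/cert.pem")"
```

Every client that connects on the SSL port needs that import step when the certificate is self-signed, whereas a certificate issued by a CA the clients already trust passes the first check without per-client changes.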
