ADLDS MA & SSL Connectivity for PCNS

  • Question

  • Hi,

    According to TechNet, ADLDS requires that you set up a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection between the client and server when you set passwords (http://technet.microsoft.com/en-us/library/jj590329%28v=ws.10%29.aspx).

    However, we are using PCNS to sync AD passwords to an ADLDS instance (via the ADLDS MA), and even though we have not configured SSL on ADLDS and the ADLDS MA connects on TCP:389, password syncs are working.

    Isn't this contradictory to the TechNet statement above?

    Additionally, if we need SSL certs, and since we may need to update multiple DNs on the same ADLDS instance, does ADLDS support wildcard certificates?

    Thank you,

    SK


    • Edited by Shim Kwan Thursday, May 8, 2014 12:32 AM
    Wednesday, May 7, 2014 11:47 PM

Answers

  • Yes, by default ADLDS does not allow you to reset user passwords over a non-SSL connection. However, while this wouldn't be recommended for any scenario other than a lab or a POC, you can change this setting yourself. I can only suggest someone has already done this in your case.

    On your second question, I don't really follow your scenario - I have always just followed instructions like the ones here.


    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    • Marked as answer by Shim Kwan Monday, May 19, 2014 7:01 AM
    Friday, May 16, 2014 3:13 PM
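    The two things an administrator would want to verify after reading this answer are (a) whether the "allow passwd op on unsecured connection" behaviour has in fact been switched on for the instance, which would explain password syncs succeeding over TCP:389, and (b) which certificate the LDAPS port actually presents and whether its name (wildcard or not) covers the host the ADLDS MA connects to. The script below is an added example written for this thread; it is not code from the thread, from Bob, or from Microsoft. It assumes a Windows host with PowerShell, an instance reachable at a placeholder host name on placeholder ports, and a caller who can bind with their current Windows credentials and read the configuration partition. It reads the dsmgmt "ds behavior" switches from the msDS-Other-Settings attribute and flags entries by name substring rather than assuming an exact value name.

```powershell
# Added example, not from the thread. Audits an AD LDS instance for the two
# points raised above: unsecured password operations and the LDAPS certificate.
param(
    [string]$Server  = 'adlds01.corp.example',   # placeholder host name (assumption)
    [int]   $Port    = 389,                      # plain LDAP port, as in the thread
    [int]   $SslPort = 636                       # placeholder LDAPS port (assumption)
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

# --- 1. Read the "ds behavior" switches (dsmgmt stores them as name=value
#        strings in msDS-Other-Settings on CN=Directory Service). --------------
$ident = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
$conn  = New-Object System.DirectoryServices.Protocols.LdapConnection($ident)
$conn.SessionOptions.ProtocolVersion = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate   # current Windows credentials
$conn.Bind()

$scope    = [System.DirectoryServices.Protocols.SearchScope]::Base
$rootReq  = New-Object System.DirectoryServices.Protocols.SearchRequest('', '(objectClass=*)', $scope, @('configurationNamingContext'))
$rootResp = $conn.SendRequest($rootReq)
$configNc = [string]$rootResp.Entries[0].Attributes['configurationNamingContext'][0]

$dsDn     = "CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
$dsReq    = New-Object System.DirectoryServices.Protocols.SearchRequest($dsDn, '(objectClass=*)', $scope, @('msDS-Other-Settings'))
$dsResp   = $conn.SendRequest($dsReq)
$settings = $dsResp.Entries[0].Attributes['msDS-Other-Settings'].GetValues([string])
$conn.Dispose()

Write-Host "msDS-Other-Settings on $dsDn"
foreach ($s in $settings) {
    $name, $value = $s -split '=', 2
    $flag = ''
    # Flag by substring: anything about unsecured password operations set to 1,
    # or a RequireSecure* bind switch set to 0, is weaker than the default.
    if ($name -match 'Password|Secure') {
        $risky = ($name -match 'Unsecured' -and $value -eq '1') -or
                 ($name -match 'RequireSecure' -and $value -eq '0')
        $flag  = if ($risky) { '  <-- weaker than default' } else { '  (security-relevant)' }
    }
    Write-Host ("  {0,-55} = {1}{2}" -f $name, $value, $flag)
}

# --- 2. Which certificate does the LDAPS port present, and does it cover $Server? ---
$script:sawErrors = [System.Net.Security.SslPolicyErrors]::None
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $errors)
    $script:sawErrors = $errors     # record validation problems instead of hiding them
    return $true                    # accept the handshake so the certificate can be inspected
}
$tcp = New-Object System.Net.Sockets.TcpClient($Server, $SslPort)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
try {
    $ssl.AuthenticateAsClient($Server)
    $cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $names  = @()
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
    if ($sanExt) {
        # Windows formats the SAN as "DNS Name=host1, DNS Name=*.corp.example"
        $names += ($sanExt.Format($false) -split ',\s*') |
                  ForEach-Object { ($_ -split '=', 2)[1] } | Where-Object { $_ }
    }
    $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($cn) { $names += $cn }
    # '-like' honours wildcard names such as *.corp.example. Note that '*' also
    # matches dots, so this is looser than a strict RFC 6125 single-label match.
    $covered = $names | Where-Object { $Server -like $_ }

    Write-Host "LDAPS ${Server}:${SslPort}  protocol=$($ssl.SslProtocol)  validation=$script:sawErrors"
    Write-Host "  subject : $($cert.Subject)"
    Write-Host "  issuer  : $($cert.Issuer)"
    Write-Host "  expires : $($cert.NotAfter)"
    Write-Host "  names   : $($names -join ', ')"
    if ($covered) { Write-Host "  covers host: yes ($($covered -join ', '))" }
    else          { Write-Host "  covers host: NO - clients will reject this certificate" }
}
finally {
    $ssl.Dispose(); $tcp.Dispose()
}
```

    Run it as `.\Check-AdLds.ps1 -Server <host> -Port <ldap port> -SslPort <ldaps port>`; AD LDS instances are often installed on ports other than 389/636 (50000/50001 is the installer's fallback), so pass the ports the ADLDS MA is actually configured with. A `validation` value other than `None` in the LDAPS output means a normal client would refuse the connection even though the certificate is installed, which is the usual reason an SSL-enabled MA connection fails while plain LDAP keeps working.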

All replies

  • Thank you, Bob.

    And yes, wildcards are supported on ADLDS.

    Monday, May 19, 2014 7:00 AM