Connecting FIM to OID utilizing LDAPS TLSv1.2

  • Question

  • I can see in the Properties for FIM that I can turn on SSL by changing the flag from False --> True, but there should be more to this process, as I would need FIM to accept a certificate in order to create a trust between the FIM server and OID. I cannot find this setting anywhere in FIM. Has anyone ever had to do this before?

    Thank you,

    Philip Cowgill

    Friday, January 13, 2017 6:53 PM

All replies

  • Philip-

    If your requirement is to trust the cert on the OID side, you can export it and put it in the Trusted Root Certificates store on the FIM Sync server and that should correct the trust issue.


    Thanks,
    Brian

    Consulting | Blog | AD Book

    Saturday, January 14, 2017 12:33 AM
  • N/M I get what you're saying. I read this wrong. Let me try this out.
    Monday, January 16, 2017 3:32 PM
  • Doesn't FIM need to trust the certificates from OID though?

    It relies on whether or not Windows trusts the certificate chain.

    Thanks,
    Brian

    Monday, January 16, 2017 3:33 PM
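
Added example, not part of the thread or any poster's code: a PowerShell check, run on the FIM Sync server, that imports the exported OID root certificate into the Windows Trusted Root store and then reports whether Windows trusts the chain OID presents over TLS 1.2. The host name, port 636 and the .cer path are assumed placeholders, and `Test-LdapsTrust` is a hypothetical helper name.

```powershell
# Assumed placeholders (not from the thread): replace with your own values.
$OidHost   = 'oid.example.com'          # OID LDAPS host name, as FIM will address it
$OidPort   = 636                        # OID SSL port (assumed; use the port OID listens on)
$RootCaCer = 'C:\temp\oid-root-ca.cer'  # root CA certificate exported from the OID side

function Test-LdapsTrust {
    param([string]$HostName, [int]$Port = 636)

    $seen = @{}   # filled in by the validation callback during the handshake
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $policyErrors)
        $seen.PolicyErrors = $policyErrors
        $seen.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $true   # accept so the handshake completes; this is a diagnostic, not a client
    }

    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # Force TLS 1.2 only; the call throws if the server cannot negotiate it.
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Protocol     = $ssl.SslProtocol
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            PolicyErrors = $seen.PolicyErrors           # None = Windows trusts chain and name
            ChainStatus  = ($seen.ChainStatus -join ', ')
            Trusted      = ($seen.PolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Step from the reply above: place the OID root CA in the machine's Trusted Root store
# (requires an elevated PowerShell session).
Import-Certificate -FilePath $RootCaCer -CertStoreLocation Cert:\LocalMachine\Root

# Then check what Windows makes of the chain OID actually presents.
Test-LdapsTrust -HostName $OidHost -Port $OidPort | Format-List
```

`RemoteCertificateChainErrors` in the output means the chain does not end in a trusted root (for example, a missing intermediate CA), while `RemoteCertificateNameMismatch` means the host name used does not match the names in the OID certificate.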
  • The FIM server has the root CA in the Trust Root Certificates store. I'm still not getting a connection between the OID and FIM. For the Management agent I'm using OpenLDAP XMA, is that the correct option?

    I'm not much of a Windows Admin so this side of configuring certificates to trust each other is new to me.
    Monday, January 16, 2017 4:43 PM
  • The OpenLDAP XMA is really old and not maintained. There is a Generic LDAP connector for MIM you should start with - https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-connector-genericldap


    Thanks,
    Brian

    Monday, January 16, 2017 4:54 PM
  • Have you had success with OID with this?  It states that it isn't supported in the documentation.
    Monday, January 16, 2017 5:32 PM