LDAPS configuration

  • Question

  • Hi,

    We have a customer that is using Oracle, and they want to connect this to Active Directory so that they can use AD user accounts to log in. As I understand it from the Oracle DB, he needs to connect with port 636, which is LDAPS. I have never touched LDAPS and I am not sure what this is all about. As I understand, LDAPS is LDAP over SSL so there is encryption. My questions are:

    - Where do I add this role? I mean, do I add this role to all the domain controllers? Or should this role be on a single separate server?

    - Will LDAPS interfere with my Active Directory as it is today? Or will only the Oracle part use LDAPS?

    Thanks for answers.


    /Regards Andreas

    Monday, September 2, 2019 6:36 PM

All replies

  • Hi,

    Thanks for posting in our forum.

    As far as I know, our domain controller can provide LDAPS service directly and it's used for user and computer authentication. We don't need to install it, and Windows Server doesn't include an LDAPS role or feature at all.

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)

    For your reference:

    Using Oracle Database with Microsoft Active Directory

    https://docs.oracle.com/database/121/NTQRF/active_dir.htm#NTQRF372

    Best Regards,

    William


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 3, 2019 7:42 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    William

    Tuesday, September 17, 2019 9:43 AM
  • Hi,

    Thanks for the answer, but I don't seem to understand. You say that "our domain controller can provide LDAPS service directly"? Correct me if I am wrong, but as I understand this is not out of the box.

    Ref MS "The Lightweight Directory Access Protocol (LDAP) is used to read from and write to Active Directory. By default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology. You can enable LDAP over SSL (LDAPS) by installing a properly formatted certificate from either a Microsoft certification authority (CA) or a non-Microsoft CA."

    Regards

    Andreas


    /Regards Andreas

    Wednesday, September 18, 2019 6:28 PM
  • Hi,

    Sorry for the delayed reply.

    >> You say that "our domain controller can provide LDAPS service directly"?

    Yes, we can use LDAPS to access the DC directly, but usually a certificate is required to encrypt LDAPS communication. Back to your original question, we don't need to install any role; we just need a certificate for encryption.

    LDAPS is similar to HTTPS. We can use HTTPS to access a website; if the website's certificate is not configured properly, we will get a warning, and we can continue to access the website but the connection is not encrypted; if the certificate is configured, we will access the website directly and the connection is encrypted.

    Best Regards,

    William

    Wednesday, September 25, 2019 2:00 AM
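
A read-only check of the point made in the reply above (no role to install, only a certificate), as an added example that is not part of the thread: it connects to port 636 on a domain controller and reports the certificate that is presented. The function name `Test-LdapsCertificate` and the host name `dc01.corp.example` are assumptions made for this example.

```powershell
# Added example, not from the thread: read-only probe of an LDAPS listener.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)][string]$Server,   # FQDN the clients will use for the DC
        [int]$Port = 636
    )
    $report = [ordered]@{
        Server = $Server; Port = $Port; Listening = $false; TlsHandshake = $false
        Subject = $null; SubjectAltName = $null; Issuer = $null; NotAfter = $null
        ServerAuthEku = $false; ChainTrusted = $false; ChainStatus = $null; Error = $null
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($Server, $Port)
        $report.Listening = $true
        # Accept any certificate so an untrusted one can still be inspected; trust is
        # evaluated separately below. An accept-all callback does not belong in a real client.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList ($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)
        $report.TlsHandshake = $true

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $report.Subject  = $cert.Subject
        $report.Issuer   = $cert.Issuer
        $report.NotAfter = $cert.NotAfter
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
        if ($san) { $report.SubjectAltName = $san.Format($false) }
        $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }   # extendedKeyUsage
        if ($eku) {   # 1.3.6.1.5.5.7.3.1 = Server Authentication
            $report.ServerAuthEku = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains '1.3.6.1.5.5.7.3.1'
        }
        # Build the chain against this machine's trust store, as a client on this host would.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $report.ChainTrusted = $chain.Build($cert)
        $report.ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    } catch {
        # Listening = True with TlsHandshake = False: the port answered but TLS was not negotiated.
        $report.Error = $_.Exception.Message
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
    [pscustomobject]$report
}

Test-LdapsCertificate -Server 'dc01.corp.example'   # placeholder host name
```

A usable LDAPS endpoint shows `TlsHandshake`, `ServerAuthEku` and `ChainTrusted` all `True`, with the domain controller's FQDN in `Subject` or `SubjectAltName`.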
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    William

    Friday, September 27, 2019 10:00 AM
  • Hi,

    I guess this certificate is because the following fails?

    But this certificate, I thought that the DC had a self-signed certificate (that is of course not trusted) that it would use...?

    This guide here tells me to install Active Directory Lightweight Directory Services

    https://blogs.msdn.microsoft.com/microsoftrservertigerteam/2017/04/10/step-by-step-guide-to-setup-ldaps-on-windows-server/

    Sorry for not understanding it correctly, I need information fed with a small spoon :)


    /Regards Andreas

    Friday, September 27, 2019 10:13 AM