How LDAPS works in ADManager Plus

    To understand how LDAPS (LDAP over SSL) works in ADManager Plus, it helps to understand the key terms involved. The following sections break down those terms and the settings that enable LDAPS in ADManager Plus.

    Connection settings

    These settings allow you to specify HTTP or HTTPS as the mode of communication between the ADManager Plus web client (the administrator's browser) and the server. HTTP is the default. Because HTTP sends administrator credentials and directory data in cleartext, HTTPS should be used in any deployment that is not a test setup. You can also specify the TLS versions and cipher suites that the HTTPS listener accepts.

    Furthermore, you can enable LDAPS for communication between the product and Active Directory (AD). This setting is independent of the HTTP/HTTPS mode: the HTTP/HTTPS mode protects only the browser-to-product hop, while LDAPS protects the product-to-domain-controller hop.

    Steps

    1. Login to ADManager Plus, and click the Admin tab.
    2. Under General Settings, click Connection.
    3. To use HTTP, select Enable HTTP mode. The default port number used is 8080. If you wish to use a different port, enter the desired port number.
    4. To use HTTPS, select Enable HTTPS mode. The default port number for HTTPS is 8443. Specify the desired port number, if you wish to use a different port.
    5. To apply an SSL certificate, click the SSL Certification Tool link and follow the steps described there.
    6. To enter the Keystore password, select the 'Encrypt Keystore Password' option and key in the password.
      Note: The Keystore Password field and Advanced option will be displayed only if HTTPS is selected as the connection type.
    7. To specify the TLS versions and use Ciphers, click Advanced.
      • In TLS Versions, select the desired versions. TLS 1.2 or later is recommended; TLS 1.0 and TLS 1.1 are deprecated and should be left unselected unless a legacy client requires them.
      • To specify the cipher suites to be used, enable the Ciphers field and select the necessary suites.
    8. To use LDAP over SSL, select the Enable LDAP SSL for option and choose the domains for which you wish to use LDAPS.
    9. Select the desired Session Expiry Time.
    10. Click Save Changes. Note that changes made under Connection Settings take effect only after the product is restarted.
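After the restart in step 10, it is worth confirming that the TLS versions chosen in step 7 are what the HTTPS listener actually negotiates. The following PowerShell script is an added example for this page; it is not code from ADManager Plus or its documentation. It offers the server exactly one protocol version per connection and reports whether the handshake succeeds. The host name is an assumption; the port is the default from step 4.

```powershell
# Added example (not part of ADManager Plus or its documentation): after the
# restart, confirm which TLS versions the ADManager Plus HTTPS listener still
# accepts. The host name is an assumption; adjust it for your deployment.
param(
    [string] $Server = 'admp.example.com',   # assumed host name
    [int]    $Port   = 8443                  # default HTTPS port from step 4
)

# The probe only tests protocol negotiation, so the server certificate is
# accepted unconditionally here. Do not reuse this callback in a real client.
$acceptAnyCert = [System.Net.Security.RemoteCertificateValidationCallback] { $true }

$protocols = [ordered]@{
    'TLS 1.0' = [System.Security.Authentication.SslProtocols]::Tls
    'TLS 1.1' = [System.Security.Authentication.SslProtocols]::Tls11
    'TLS 1.2' = [System.Security.Authentication.SslProtocols]::Tls12
}

foreach ($name in $protocols.Keys) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAnyCert)
        # Offer exactly one protocol version; the handshake succeeds only if the
        # server has it enabled under Connection > Advanced > TLS Versions.
        $ssl.AuthenticateAsClient($Server, $null, $protocols[$name], $false)
        [pscustomobject]@{
            Protocol = $name
            Accepted = $true
            Cipher   = "$($ssl.CipherAlgorithm) $($ssl.CipherStrength)-bit"
        }
        $ssl.Dispose()
    } catch {
        # A rejected version surfaces as a handshake failure from AuthenticateAsClient.
        [pscustomobject]@{ Protocol = $name; Accepted = $false; Cipher = $_.Exception.Message }
    } finally {
        $tcp.Dispose()
    }
}
```

Run it from any Windows host that can reach the product. Every version you deselected in step 7 should show Accepted = False. On .NET Framework 4.8 or PowerShell 7 you can add a fourth entry using `[System.Security.Authentication.SslProtocols]::Tls13` to the table.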

    LDAP

    Lightweight Directory Access Protocol (LDAP) is the protocol used to query and manage directory services. Active Directory exposes its data over LDAP: clients use it to search the directory, modify objects, and authenticate (bind) against it. ADManager Plus supports an extensive list of LDAP attributes, listed in this article.

    LDAP over SSL (LDAPS)

    By default, LDAP traffic between a client and a domain controller (TCP port 389) is not encrypted; a simple bind, in particular, sends the account name and password in cleartext. LDAP over SSL (LDAPS, TCP port 636) wraps the whole LDAP session in TLS, so both the bind credentials and the directory data exchanged between LDAP clients and LDAP servers are protected in transit. LDAPS requires a server certificate on each domain controller, issued by a CA that the client trusts.

    For further information on why you have to consider enabling LDAPS and how to configure LDAPS in Active Directory, refer to this Microsoft article.

    LDAPS with ADManager Plus

    In ADManager Plus, you have the option of enabling LDAP SSL to secure communication with Active Directory. Ensure that LDAP SSL has been enabled in your AD instance before enabling LDAP SSL in ADManager Plus: every domain controller the product will contact must be listening on port 636 with a valid server certificate, and the server running ADManager Plus must trust the CA that issued those certificates.

    When this option is enabled, ADManager Plus attempts to establish an LDAPS connection to Active Directory for each operation performed from the product. If the LDAPS connection cannot be established, ADManager Plus falls back to a plain LDAP connection and proceeds with the operation. Note the implication of this fallback: an expired or untrusted certificate, or a domain controller that is not listening on port 636, does not cause the operation to fail; it causes the operation to run over unencrypted LDAP. Verify that LDAPS works for every selected domain before relying on this setting, and confirm on the domain controllers that connections from the ADManager Plus server arrive on port 636 rather than 389.
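The following PowerShell script is an added example for this page and is not code from ADManager Plus or its documentation. It performs the pre-check the two paragraphs above call for: run it on the ADManager Plus server before enabling LDAP SSL for a domain, and again whenever domain controller certificates are renewed. For each controller it performs a TLS handshake on port 636 with normal certificate validation (which is exactly the step that, if it fails, makes ADManager Plus fall back to plain LDAP) and then an authenticated LDAP bind over the same port. The controller names are assumptions.

```powershell
# Added example (not part of ADManager Plus or its documentation): run this on
# the ADManager Plus server before enabling "LDAP SSL" for a domain. It checks
# that each domain controller accepts TLS on port 636 with a certificate this
# machine trusts, then performs an authenticated LDAP bind over that port.
# The controller names are assumptions; replace them with your own.
param(
    [string[]] $DomainControllers = @('dc01.example.com', 'dc02.example.com'),  # assumed
    [int]      $Port = 636
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

foreach ($dc in $DomainControllers) {
    $result = [ordered]@{ DomainController = $dc; Tls = 'failed'; Bind = 'skipped'; Detail = '' }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($dc, $Port)
        # Default validation: the chain must build to a root trusted by this
        # machine and the certificate must match $dc. If this throws, the
        # product's LDAPS attempt fails the same way and plain LDAP is used.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($dc)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.Tls    = "$($ssl.SslProtocol)"
        $result.Detail = "issuer=$($cert.Issuer); expires=$($cert.NotAfter.ToString('u')); thumbprint=$($cert.Thumbprint)"
        $ssl.Dispose()
    } catch {
        $result.Detail = $_.Exception.Message
        $tcp.Dispose()
        [pscustomobject] $result
        continue
    }
    $tcp.Dispose()

    # LDAPS bind with the current Windows identity (Negotiate). Run the script
    # as the account ADManager Plus uses for the domain to reproduce its view.
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($dc, $Port, $true, $false)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    try {
        $conn.Bind()
        $result.Bind = 'ok'
    } catch {
        $result.Bind   = 'failed'
        $result.Detail = $_.Exception.Message
    } finally {
        $conn.Dispose()
    }
    [pscustomobject] $result
}
```

A controller that reports Tls = failed is one for which ADManager Plus would silently use port 389; fix the certificate or the trust store before enabling LDAP SSL for that domain. The output also records the certificate expiry, which is the usual reason a previously working LDAPS setup starts falling back without anyone noticing.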