Path to a file containing the CA certificate(s) to be used to validate SSL/TLS connections to your Active Directory server. If you enable SSL/TLS connections to your Active Directory or LDAP server, you should specify a value for this option. Certificates should be PEM-formatted.

In order to secure LDAP connections to your directory server using LDAPS or STARTTLS protocols, you’ll need the PEM formatted certificate of the certificate authority (CA) that issued your AD domain controller’s or LDAP directory server’s SSL certificate.

To obtain the PEM formatted version of an AD domain controller certificate’s issuing CA certificate, view the “Certification Path” tab of the DC’s certificate properties and double-click the issuing certificate to view it. Export the issuing CA certificate as a Base-64 encoded X.509 (CER) format.

If you have intermediate CAs in your certificate issuer chain, export all the certs (such as the root CA and the intermediate CA) in the certification path as CER files and then combine them into one file using a text editor.

If you use a self-signed certificate to secure LDAPS communications to your directory server, the certificate’s key usage should include “Certificate Signing”.

If set to “true”, then when establishing an SSL/TLS connection to the directory server

If your directory server uses a certificate with a mismatched common name, or you specified the host as an IP address

If the transport type is CLEAR (the proxy default), then Authentication Proxy v5.0 and later will use LDAP Signing and Encryption (or “Sign and Seal”) if the domain controller allows it.

Microsoft NTLM, version 1. Note that this protocol is considered insecure

Plain LDAP authentication. This option should not be used without enabling transport-layer security (see ‘transport’, above). In addition

If the host value is a domain controller with hostname, the proxy will use Kerberos if an LDAP Service Principal Name (SPN) exists for that target DC as ldap/hostname. If no such SPN exists

If the host value is an IP address, the proxy will use NTLM.

If the transport type is CLEAR (the proxy default), then the proxy will use LDAP Signing and Encryption (or “Sign and Seal”) if the domain controller allows it.

The full LDAP distinguished name of an account permitted to read from the Active Directory database. Typically, this would be the distinguished name of the user specified in service_account_username.

Domain to provide when performing NTLM authentication. In most configurations, it should not be necessary to specify a value for this.

A workstation name to specify (identifying the proxy) when performing NTLM authentication. In most configurations, it should not be necessary to specify a value for this. By default

Port on which to contact the domain controller. By default, port 636 will be used for LDAPS connections
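The transport, authentication and certificate guidance on this page can be checked mechanically against a proxy configuration file. The following is an added example, not code from the original page or from the product: it assumes the option names of Duo Authentication Proxy's [ad_client] section (transport, auth_type, ssl_ca_certs_file, ssl_verify_hostname) and that hostname verification is on unless disabled.

```python
import configparser
import ipaddress

# Constructed sample. Option names follow Duo Authentication Proxy's [ad_client]
# section: an assumption, since this page does not show the names themselves.
SAMPLE = """
[ad_client]
host = 10.0.0.5
transport = clear
auth_type = plain

[ad_client2]
host = dc01.example.com
transport = ldaps
auth_type = ntlm1
ssl_verify_hostname = false
"""

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(text):
    """Return sorted (section, finding) pairs for risky directory settings."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for name in (n for n in cfg.sections() if n.startswith("ad_client")):
        s = cfg[name]
        tls = s.get("transport", "clear").lower() in ("ldaps", "starttls")  # CLEAR is the default
        auth = s.get("auth_type", "").lower()
        if auth == "plain" and not tls:
            findings.append((name, "plain bind without transport-layer security"))
        if auth == "ntlm1":
            findings.append((name, "NTLM version 1 is considered insecure"))
        if tls and not s.get("ssl_ca_certs_file"):
            findings.append((name, "TLS transport without a CA certificate file"))
        if tls and not s.getboolean("ssl_verify_hostname", fallback=True):
            findings.append((name, "certificate hostname check disabled"))
        if tls and is_ip(s.get("host", "")):
            findings.append((name, "host is an IP address; certificate name may not match"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```
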