Educause Security Discussion mailing list archives
Re: LDAPS
From: Chris Green <cmgreen () UAB EDU>
Date: Thu, 21 Oct 2010 09:40:07 -0500
If I recall, you can turn on LDAPS but turning off LDAP was impossible. For us, we have that off on one server and can rotate the role. I don't recall why it was a one-off server but it was something we may have had to do either WC certs or load balancing for.

Better to ask this question on win-hied mailing list and get real gurus ;-)

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Childs, Aaron
Sent: Thursday, October 21, 2010 9:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] LDAPS

We enabled Secure LDAP two years ago on our 2003 R2 DCs and it does not break anything. It just listens on a different port (636) for secure traffic. We did not use a wildcard cert.

Have a good day,
Aaron
-----------
Aaron Childs, CCNA
Assistant Director: Networking
Westfield State University
http://www.wsc.ma.edu/it/

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, Brian D.
Sent: Thursday, October 21, 2010 10:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] LDAPS

We have a product we are looking to use but it requires a secure LDAP connection to our Win2003R2 domain. I have very little experience with LDAPS so below are a couple questions I have for anyone who has more experience than I with this. I have read the MS requirements to implement this.

Will enabling secure LDAP break anything? We have a lot of other LDAP stuff going on that does not require LDAPS.

Has anyone used a wildcard cert to enable secure LDAP on Windows 2003R2 DCs?

Thanks,
Brian