Educause Security Discussion mailing list archives

Re: LDAPS


From: Chris Green <cmgreen () UAB EDU>
Date: Thu, 21 Oct 2010 09:40:07 -0500

If I recall, you can turn on LDAPS but turning off LDAP was impossible. For us, we have that off on one server and can rotate the role. I don't recall why it was a one-off server but it was something we may have had to do either WC certs or load balancing for.

Better to ask this question on the win-hied mailing list and get real gurus ;-)

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Childs, Aaron
Sent: Thursday, October 21, 2010 9:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] LDAPS

We enabled Secure LDAP two years ago on our 2003 R2 DCs and it does not break anything. It just listens on a different port (636) for secure traffic. We did not use a wildcard cert.

Have a good day,
Aaron

-----------
Aaron Childs, CCNA
Assistant Director: Networking
Westfield State University
http://www.wsc.ma.edu/it/

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, Brian D.
Sent: Thursday, October 21, 2010 10:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] LDAPS

We have a product we are looking to use but it requires a secure LDAP connection to our Win2003R2 domain. I have very little experience with LDAPS so below are a couple questions I have for anyone who has more experience than I with this. I have read the MS requirements to implement this.

Will enabling secure LDAP break anything?  We have a lot of other LDAP stuff going on that does not require LDAPS.
Has anyone used a wildcard cert to enable secure LDAP on Windows 2003R2 DCs?


Thanks,
Brian
