10-28-2015 01:08 AM
Hi!
We are planning to connect our IronPort C370 to our Active Directory infrastructure to verify valid users via LDAPS.
I found this instruction:
http://enterpriseit.co/ironport/ldap-active-directory/
But there is nothing in the instruction on how you install the CA certificate for the Active Directory on the IronPort?
Does it trust everything over LDAPS or do I need to go into the shell to add the CA certificate for my Active Directory CA?
11-02-2015 03:23 AM
Hello Jape,
Generally the ESA will trust the LDAP server and initiate the connection and send queries to the LDAP server configured.
If you wish to use SSL where certificate negotiations will be done, the ESA (you can load a certificate if required) will be sent; however, from my experience, I do not believe there is an option to deploy your AD's cert on the ESA to ensure it's trusted.
Regards,
Matthew
11-02-2015 03:34 AM
I tested by setting up an LDAP server with a self-signed cert and pointed my IronPort against that with LDAP+SSL. And it gave back an OK when I tested the connection.
So it does not look like it needs to verify the certificate at all.
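For comparison with the test described above, this is what checking an LDAPS server certificate against the Active Directory CA looks like from a client that does verify. It is an added example, not part of the original thread or of the appliance's own tooling. It assumes the `openssl` CLI is installed; the function names, certificate subjects and the host name `dc01.example.test` are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: CA verification of an LDAPS server certificate.
# All names, subjects and paths below are constructed for the demo.

# Build a throwaway PKI in $1: a CA (stand-in for the AD CA), a server
# certificate issued by it, and a separate self-signed server certificate.
make_demo_pki() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed AD CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=dc01.example.test" \
    -keyout "$d/issued.key" -out "$d/issued.csr" 2>/dev/null
  openssl x509 -req -in "$d/issued.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/issued.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=dc01.example.test" \
    -keyout "$d/selfsigned.key" -out "$d/selfsigned.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the CA in file $1.
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Live check (needs network, not exercised by the demo): does LDAPS server $2
# present a certificate that chains to CA file $1 and matches its host name?
ldaps_chains_to_ca() {
  openssl s_client -connect "$2:636" -CAfile "$1" -verify_hostname "$2" \
    -verify_return_error </dev/null >/dev/null 2>&1
}

# Show the outcome for both constructed server certificates.
demo() {
  local d c
  d=$(mktemp -d)
  make_demo_pki "$d"
  for c in issued selfsigned; do
    if chains_to_ca "$d/ca.pem" "$d/$c.pem"; then echo "$c: trusted"
    else echo "$c: rejected"; fi
  done
  rm -rf "$d"
}

demo
```

To check a real domain controller, export the AD CA certificate to a PEM file and call `ldaps_chains_to_ca ad-ca.pem <dc-hostname>`; a non-zero exit status means the presented chain or host name did not validate.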