10-28-2015 01:08 AM
Hi!
We are planning to connect our IronPort C370 to our Active Directory infrastructure to verify valid users via LDAPS.
I found this instruction:
http://enterpriseit.co/ironport/ldap-active-directory/
But there is nothing in the instruction on how you install the CA certificate for the Active Directory on the IronPort?
Does it trust everything over LDAPS, or do I need to go into the shell to add the CA certificate for my Active Directory CA?
11-02-2015 03:23 AM
Hello Jape,
Generally the ESA will trust the LDAP server and initiate the connection and send queries to the LDAP server configured.
If you wish to use SSL where certificate negotiations will be done, the ESA (you can load a certificate if required) will be sent; however, from my experience, I do not believe there is an option to deploy your AD's cert on the ESA to ensure it's trusted.
Regards,
Matthew
11-02-2015 03:34 AM
I tested by setting up an LDAP server with a self-signed cert and pointed my IronPort against that with LDAP+SSL. And it gave back an OK when I tested the connection.
So it does not look like it needs to verify the certificate at all.
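The test described in the last post can be reproduced locally. The following is an added example, not code from the thread or from Cisco: a local TLS listener stands in for the LDAPS server, using a constructed self-signed certificate generated with the openssl CLI (assumed to be installed). It contrasts a client that skips verification with one that verifies, first against the system trust store and then with the certificate explicitly trusted. All function names are illustrative.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(dirpath):
    """Constructed test certificate for 'localhost' (assumes the openssl CLI is installed)."""
    key, crt = os.path.join(dirpath, "key.pem"), os.path.join(dirpath, "crt.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-keyout", key,
                    "-out", crt, "-days", "1", "-subj", "/CN=localhost",
                    "-addext", "subjectAltName=DNS:localhost"], check=True, capture_output=True)
    return key, crt

def serve_tls(key, crt, handshakes):
    """Stand-in for the LDAPS listener: answers `handshakes` TLS handshakes on a free port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(crt, key)
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        for _ in range(handshakes):
            conn, _addr = srv.accept()
            try:
                with ctx.wrap_socket(conn, server_side=True):
                    pass
            except (ssl.SSLError, OSError):
                pass  # the client aborted after rejecting the certificate
        srv.close()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def try_connect(port, verify, cafile=None):
    """Return 'accepted', or 'rejected: <reason>' if certificate verification failed."""
    if verify:
        ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # encrypts, but any certificate passes
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname="localhost"):
                return "accepted"
    except ssl.SSLCertVerificationError as exc:
        return "rejected: " + exc.verify_message

def demo():
    with tempfile.TemporaryDirectory() as d:
        key, crt = make_self_signed(d)
        port = serve_tls(key, crt, handshakes=3)
        return (try_connect(port, verify=False),              # no verification
                try_connect(port, verify=True),               # system trust store only
                try_connect(port, verify=True, cafile=crt))   # certificate explicitly trusted
```

A client that returns "accepted" in the first case for a certificate it has never been told to trust is encrypting the LDAP bind without authenticating the server it is sending credentials to.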