Ironport LDAPS

jape0002_
Level 1

Hi!

We are planning to connect our IronPort C370 to our Active Directory infrastructure to verify valid users via LDAPS.

I found this instruction:

http://enterpriseit.co/ironport/ldap-active-directory/

But there is nothing in the instructions on how to install the CA certificate for the Active Directory on the IronPort.

Does it trust everything over LDAPS, or do I need to go into the shell to add the CA certificate for my Active Directory CA?

2 Replies

Mathew Huynh
Cisco Employee

Hello Jape,

Generally the ESA will trust the LDAP server and initiate the connection and send queries to the LDAP server configured.

If you wish to use SSL, where certificate negotiations will be done, the ESA (you can load a certificate if required) will be sent; however, from my experience, I do not believe there is an option to deploy your AD's cert on the ESA to ensure it's trusted.

Regards,

Matthew

I tested by setting up an LDAP server with a self-signed cert and pointed my IronPort against that with LDAP+SSL. And it gave back an OK when I tested the connection.

So it does not look like it needs to verify the certificate at all. 
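To see what a certificate-verifying client would get from the same LDAPS endpoint, the following added example (not part of the original thread and not Cisco code) performs one strict and one lax TLS handshake with Python's standard `ssl` module and compares the outcomes. The function names, the default host name and the CA file argument are assumptions for illustration.

```python
import socket
import ssl
import sys


def handshake(host, port, cafile=None, verify=True, timeout=5.0):
    """Try one TLS handshake; return (outcome, detail)."""
    if verify:
        # Strict client: chain must end at a trusted CA and the name must match.
        # With cafile set, only that CA is trusted (system roots are not loaded).
        ctx = ssl.create_default_context(cafile=cafile)
    else:
        # Lax client: accepts any certificate, self-signed included.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "cert_rejected", exc.verify_message
    except OSError as exc:  # other ssl.SSLError cases and connection resets
        return "tls_error", str(exc)
    finally:
        raw.close()


def audit_ldaps(host, port=636, cafile=None):
    """Compare a verifying and a non-verifying handshake against one endpoint."""
    strict = handshake(host, port, cafile=cafile, verify=True)
    lax = handshake(host, port, verify=False)
    if strict[0] == "ok":
        verdict = "certificate validates against the trusted CA"
    elif strict[0] == "cert_rejected" and lax[0] == "ok":
        verdict = "only a non-verifying client can connect"
    else:
        verdict = "inconclusive: endpoint unreachable or TLS failed"
    return {"strict": strict, "lax": lax, "verdict": verdict}


if __name__ == "__main__":
    # Usage: script HOST [CA_FILE]; the default host is a placeholder.
    host = sys.argv[1] if len(sys.argv) > 1 else "ldaps.example.invalid"
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    print(audit_ldaps(host, cafile=cafile))
```

Against a server presenting a self-signed certificate, the strict handshake returns `cert_rejected` while the lax one returns `ok`; a client that reports success on such an endpoint is behaving like the lax case.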
