7634 Views | 0 Helpful | 4 Replies

LDAP to LDAPs Authentication

latenaite2011
Level 4

Good afternoon,

I am just trying to figure out what the steps are for enabling LDAP to LDAPS authentication and specifically what needs to be done on the server. I saw that a certificate needs to be installed and the steps weren't too intuitive.

They are running on version 9.x.

Does anyone have a newer update to the steps required to get this done?

Thank you!

LN

4 Replies

Rahul Govindan
VIP Alumni

The only changes I can think of to make on the ASA are:

1) change port from 389 to 636

2) Install the CA certificate of your server's HTTPS certificate on the ASA. So if your LDAP server has an AD-issued HTTPS certificate, export the sub-CA or Root CA and import the .cer or .crt file into a new trustpoint as a CA certificate.

3) Make sure your SSL settings have the right protocols supported by your LDAP server. Do a "show run all ssl" and "show crypto ssl" to see what's supported on the ASA.

4) Preferably use the name of the server instead of the IP address.
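
The four steps above, and the later question about where the CA certificate goes, as one ASA CLI configuration. This is an added example, not configuration from the original thread or from Cisco; the hostnames, trustpoint and server-group names, DN values and IP address are made-up placeholders, and the `ssl client-version` command is assumed to be available on the 9.x release in use. The CA certificate is bound to a trustpoint with `crypto ca authenticate`; it is never enrolled as an identity certificate, which is why it does not appear under Identity Certificates.

```text
! --- Step 4: resolve the LDAP server by name (assumed: inside interface, DNS at 10.0.0.10)
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.0.0.10

! --- Step 2: import the AD Root/Sub-CA as a *CA* certificate in its own trustpoint
crypto ca trustpoint AD-ROOT-CA
 enrollment terminal
 crl configure
exit
! Paste the PEM (.cer/.crt) of the issuing CA when prompted, then confirm.
crypto ca authenticate AD-ROOT-CA

! --- Step 3: only offer TLS versions the domain controller supports (assumption: TLS 1.2)
ssl client-version tlsv1.2
ssl cipher tlsv1.2 high

! --- Step 1: LDAP server group on port 636 with LDAPS enabled, hostname instead of IP
aaa-server LDAPS-AD protocol ldap
aaa-server LDAPS-AD (inside) host dc1.example.local
 ldap-over-ssl enable
 server-port 636
 ldap-base-dn DC=example,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=local
 ldap-login-password <bind-password-placeholder>
 server-type microsoft
exit

! --- Verification
show crypto ca certificates AD-ROOT-CA        ! CA cert present, not an ID cert
show run all ssl                              ! confirms client TLS versions/ciphers
test aaa-server authentication LDAPS-AD host dc1.example.local username testuser password <placeholder>
```

If the `test aaa-server` command fails with a handshake error, `debug ldap 255` during a retry shows whether the ASA rejected the chain (wrong CA in the trustpoint) or the TLS version negotiation failed (step 3), which separates a certificate problem from a protocol mismatch.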

Thank you Rahul for responding.

Are there good steps for installing the certificate on the servers and the HTTPS
certificate on the ASA?

Thank you!

ASA CA cert installation: https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html#anc12

Steps 1-3 under section "1.1 Installation of the Identity Certificate in PEM Format with ASDM"

Configuring LDAP over SSL: I don't think there is Cisco documentation for this. Here is a third-party one: https://www.petri.com/enable-secure-ldap-windows-server-2008-2012-dc

Hi Rahul,

After I added the CA certificate, do I need to install it on Identity Certificates?

I am not able to see it in the field.

BR,

Yordan