LDAP to LDAPs Authentication

04-09-2018 02:17 PM - edited 02-21-2020 07:36 AM
Good afternoon,
I am just trying to figure out what the steps are for enabling LDAP to LDAPs authentication and specifically what needs to be done on the server. I saw that a certificate needs to be installed and the steps weren't too intuitive.
They are running on version 9.x.
Does anyone have a newer update to the steps required to get this done?
Thank you!
LN
Labels: NGFW Firewalls
04-09-2018 06:11 PM
The only changes I can think of to make on the ASA are:
1) Change the port from 389 to 636.
2) Install the CA certificate of your server's HTTPS certificate on the ASA. So if your LDAP server has an AD-issued HTTPS certificate, export the sub-CA or root CA and import the .cer or .crt file into a new trustpoint as a CA certificate.
3) Make sure your SSL settings have the right protocols supported by your LDAP server. Do a "show run all ssl" and "show crypto ssl" to see what's supported on the ASA.
4) Preferably use the name of the server instead of the IP address.
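To show how the four points above fit together on the ASA CLI, here is an added configuration example; it is not from this thread or from Cisco documentation. The trustpoint name, server hostname, base DN, service-account DN and the interface name are all constructed placeholders, and the CA certificate is pasted from the exported .cer/.crt file in PEM form.

```cisco
! --- Step 2: import the issuing/root CA into a dedicated trustpoint ---
! Names below (LDAPS-CA, dc01.example.com, example.com, svc-asa) are placeholders.
crypto ca trustpoint LDAPS-CA
 enrollment terminal
 crl configure
! "crypto ca authenticate" prompts for the PEM block; paste the CA cert, then "quit".
crypto ca authenticate LDAPS-CA

! --- Step 3: restrict the ASA's TLS client to what the DC supports ---
! Check "show run all ssl" first; TLS 1.2 with a strong cipher suite is assumed here.
ssl client-version tlsv1.2
ssl cipher tlsv1.2 high

! --- Step 4: refer to the DC by name so the certificate's subject/SAN can be matched ---
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.0.0.53
 domain-name example.com

! --- Step 1: LDAP over SSL on 636 instead of cleartext 389 ---
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host dc01.example.com
 server-port 636
 ldap-over-ssl enable
 server-type microsoft
 ldap-base-dn dc=example,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn cn=svc-asa,ou=Service Accounts,dc=example,dc=com
 ldap-login-password <placeholder-password>

! --- Verify end to end before pointing any VPN or admin auth at it ---
test aaa-server authentication LDAP-SRV host dc01.example.com username testuser password <placeholder>
```

The `test aaa-server` command exercises the full TLS handshake and bind, so a failure there usually points at the trustpoint (wrong or missing CA), at an SSL version or cipher mismatch with the DC, or at a hostname that does not resolve from the ASA; `debug ldap 255` narrows it down further. Keep the service account's bind DN with read-only directory rights, since its password is stored in the ASA configuration.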
04-09-2018 06:14 PM
Are there good steps for installing the certificate on the servers and the HTTPS certificate on the ASA?
Thank you!
04-10-2018 10:15 AM
ASA CA cert installation: https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html#anc12
Steps 1-3 under section "1.1 Installation of the Identity Certificate in PEM Format with ASDM"
Configuring LDAP over SSL: I don't think there is Cisco documentation for this. Here is a third-party one: https://www.petri.com/enable-secure-ldap-windows-server-2008-2012-dc
04-13-2021 07:14 AM
Hi Rahul,
After I added the CA certificate, do I need to install it under Identity Certificates?
I am not able to see it in the field.
br
Yordan
