06-23-2011 11:46 PM - edited 03-17-2019 10:21 PM
I have a question about configuring LDAP for user authentication on the VCS. I want to have redundancy in my LDAP link. I believe this is possible by setting the LDAP server address to a FQDN and then selecting a resolution type of SRV. What I am unclear on is what the value for the server address would be if I was indeed using SRV as the resolution type. I should also add that I am looking to use TLS.
To clarify, if my AD domain is myad.netcraftsmen.net, would I configure the server address field as:
myad.netcraftsmen.net : assuming that VCS will properly query DNS for the correct _service._proto parameters?
or would I need to create a new SRV record for this purpose and configure the server address field with the specific address (including the _service._proto fields)?
or would I need to specify one of the SRV record formats used by MS AD domains (there are several)?
If the latter, then which SRV record for TLS? I only see records with port 389 (non-secure).
My intuition tells me that it is probably the first option but I could be way off.
Anyway, thanks in advance for any input.
Regards,
Bill
Please remember to rate helpful responses and identify
06-23-2011 11:53 PM
Hi William,
I just checked this on an X6.1 VCS, and it seems the VCS performs an SRV lookup on _ldap._tcp.domain (where 'domain' has been input as the Server Address), both when encryption is set to 'None' and 'TLS'.
Hope this helps,
Andreas
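As an added illustration (not part of the original thread and not VCS code), this Python example builds the `_ldap._tcp.<domain>` name from the lookup described above and orders SRV answers the way RFC 2782 specifies for failover. The dc1/dc2/dc3 host names and record values are constructed, and that the VCS follows RFC 2782 ordering is an assumption; the thread does not state it, nor whether the port in the SRV answer or the configured port is used.

```python
import random

# Constructed `dig +short SRV` style answers: priority weight port target.
# Port 389 mirrors what the question reports seeing in AD's SRV records.
SAMPLE_ANSWERS = """\
0 100 389 dc1.myad.netcraftsmen.net.
10 100 389 dc3.myad.netcraftsmen.net.
0 100 389 dc2.myad.netcraftsmen.net.
"""

def srv_query_name(server_address, service="ldap", proto="tcp"):
    """Build the SRV owner name from the Server Address field value."""
    return f"_{service}._{proto}.{server_address.strip().rstrip('.')}"

def parse_srv_answers(text):
    """Parse 'priority weight port target' lines into tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank lines and anything that is not an SRV answer
        prio, weight, port = (int(f) for f in fields[:3])
        records.append((prio, weight, port, fields[3].rstrip(".")))
    return records

def rfc2782_order(records, rng=random):
    """Lowest priority first; weighted-random selection within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        # RFC 2782: zero-weight entries go to the front of the pool.
        pool = sorted((r for r in records if r[0] == prio),
                      key=lambda r: r[1] != 0)
        while pool:
            pick = rng.randint(0, sum(r[1] for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

if __name__ == "__main__":
    print("query:", srv_query_name("myad.netcraftsmen.net"))
    for prio, weight, port, host in rfc2782_order(parse_srv_answers(SAMPLE_ANSWERS)):
        print(f"try {host}:{port} (priority {prio}, weight {weight})")
```
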
06-24-2011 12:00 AM
Andreas,
Thanks for the rapid response. So, if I had the following configuration:
Server address: myad.netcraftsmen.net (assuming that is the DNS zone for my AD)
Server address resolution: SRV
Port: 636
Encryption: yes
Then the VCS will query DNS for an SRV record: _ldap._tcp.myad.netcraftsmen.net? And then negotiate a secure connection?
I just want to make sure I follow.
Regards,
Bill
06-24-2011 12:01 AM
Yes, that is correct, William.
06-24-2011 12:06 AM
OK. Well, thanks again!
Regards,
Bill