Using AD LDS over SSL [duplicate]

我怕爱的太早我们不能终老 submitted on 2019-11-26 23:35:19

Question


This question already has an answer here:

  • How do I validate Active Directory creds over LDAP + SSL? 4 answers

I need to configure AD LDS over SSL. I have been trying every article for two days. This one, http://erlend.oftedal.no/blog/?blogid=7, seems reasonable, but I got stuck at giving read permission to the AD LDS instance for the certificate.

This is the official article, and its first step is really vague; I don't know what to do: https://msdn.microsoft.com/en-us/library/cc725767(v=ws.10).aspx#BKMK_1

I am using Windows Server 2012 R2.


Answer 1:


I did it by configuring an Enterprise CA first and then following the guidance on this page

http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx#Reasons

in the following order:

  1. Publishing a Certificate that Supports Server Authentication

    At point 5 of this step, that is

    "5. On the Duplicate Template dialog box, leave the default selected Windows Server 2003 Enterprise selected and then click OK."

    Carefully select your relevant OS. The tutorial says to leave it at the default, but I was using Windows Server 2012 R2, so I chose the one I was using. Choose your relevant OS.

  2. Exporting the LDAPS Certificate and Importing for use with AD DS

  3. Verifying an LDAPS connection

Why would I need an ADLDS connection over SSL?

Because I want the user to change his/her ADLDS password; a non-SSL connection using PrincipalContext was not allowing me to do this. So now I am using the following code, and it's working like a charm.

using System.DirectoryServices.AccountManagement;

// Bind to the AD LDS partition over SSL with the user's own credentials.
PrincipalContext pc = new PrincipalContext(
    ContextType.ApplicationDirectory,
    "YourServerUrl:YourSSLPort",
    "CN=YourPartitionName,DC=partition,DC=com",
    ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer,
    "FullDistinguishedNameOfUser",
    "PasswordOfUser");

// Check the credentials over the same SSL-protected simple bind.
bool IsUserValidated = pc.ValidateCredentials(
    "FullDistinguishedNameOfUser",
    "PasswordOfUser",
    ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer);

if (IsUserValidated)
{
    // FindByIdentity takes the context first, then the identity to look up.
    UserPrincipal up = UserPrincipal.FindByIdentity(
        pc,
        IdentityType.DistinguishedName,
        "FullDistinguishedNameOfUser");

    up.ChangePassword("UserOldPassword", "UserNewPassword");
}


Source: https://stackoverflow.com/questions/36402069/using-ad-lds-over-ssl
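
To go with step 3 of the answer above (verifying an LDAPS connection), here is an added example, not part of the original post, that performs only the TLS handshake against the AD LDS SSL port and reports whether the presented certificate is trusted, matches the host name and carries the Server Authentication EKU. The class name LdapsCertCheck and its two command-line arguments are assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class LdapsCertCheck // hypothetical name, not from the original post
{
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // Server Authentication EKU

    // True when the EKU extension is present and lists Server Authentication.
    static bool HasServerAuthEku(X509Certificate2 cert)
    {
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        return eku != null &&
               eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ServerAuthOid);
    }

    static int Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: LdapsCertCheck <host> <sslPort>"); return 2; }
        string host = args[0];          // the name clients pass to PrincipalContext
        int port = int.Parse(args[1]);  // SSL port of the AD LDS instance

        X509Certificate2 presented = null;
        SslPolicyErrors errors = SslPolicyErrors.None;
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false, (s, cert, chain, e) =>
            {
                // Keep a copy for the report, then apply the normal trust decision.
                if (cert != null) presented = new X509Certificate2(cert);
                errors = e;
                return e == SslPolicyErrors.None;
            }))
            {
                ssl.AuthenticateAsClient(host); // handshake only; no LDAP data is sent
            }
        }
        catch (AuthenticationException ex) { Console.WriteLine("Handshake rejected: " + ex.Message); }

        if (presented == null) { Console.WriteLine("No certificate was presented."); return 1; }
        Console.WriteLine("Subject:     " + presented.Subject);
        Console.WriteLine("Expires:     " + presented.NotAfter.ToString("u"));
        Console.WriteLine("Server auth: " + HasServerAuthEku(presented));
        Console.WriteLine("Trust check: " + errors); // e.g. RemoteCertificateNameMismatch
        return errors == SslPolicyErrors.None && HasServerAuthEku(presented) ? 0 : 1;
    }
}
```

A "Trust check" of RemoteCertificateChainErrors means the client does not trust the issuing CA, and RemoteCertificateNameMismatch means the host name used to connect is not one of the names in the certificate.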
