I need to configure AD LDS over SSL. I have been trying every article for two days. This one, http://erlend.oftedal.no/blog/?blogid=7, seems reasonable, but I got stuck at giving read permission to the AD LDS instance for the certificate.

This is the official article, and its first step is really vague; I don't know what to do: https://msdn.microsoft.com/en-us/library/cc725767(v=ws.10).aspx#BKMK_1

I am using Windows Server 2012 R2.
I have done it by configuring an Enterprise CA first and then using the guidance at this page, in the following order:

- Publishing a Certificate that Supports Server Authentication

  At point 5 of this step, that is:

  "5. On the Duplicate Template dialog box, leave the default selected Windows Server 2003 Enterprise selected and then click OK."

  Carefully select your relevant OS. The tutorial says to leave it at the default, but I was using Windows Server 2012 R2, so I chose the one I was using. Choose your relevant OS.
- Exporting the LDAPS Certificate and Importing for use with AD DS
- Verifying an LDAPS connection
Why do I need an AD LDS connection over SSL?

Because I want the user to change his/her AD LDS password. A non-SSL connection using PrincipalContext was not allowing me to do this. So now I am using the following code, and it's working like a charm.
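```csharp
using System.DirectoryServices.AccountManagement;

// Bind to the AD LDS partition over SSL with a simple bind as the user.
PrincipalContext pc = new PrincipalContext(
    ContextType.ApplicationDirectory,
    "YourServerUrl:YourSSLPort",
    "CN=YourPartitionName,DC=partition,DC=com",
    ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer,
    "FullDistinguisedNameOfUser",
    "PasswordOfUser");

// Check the user's current credentials over the same SSL-protected channel.
bool IsUserValidated = pc.ValidateCredentials(
    "FullDistinguisedNameOfUser",
    "PasswordOfUser",
    ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer);

if (IsUserValidated)
{
    // FindByIdentity takes the context first, then the identity type and value.
    UserPrincipal up = UserPrincipal.FindByIdentity(
        pc,
        IdentityType.DistinguishedName,
        "FullDistinguisedNameOfUser");

    up.ChangePassword("UserOldPassword", "UserNewPassword");
}
```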
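For the "Verifying an LDAPS connection" step, a PowerShell check that completes a TLS handshake against the AD LDS SSL port and reports whether the certificate the instance presents is trusted, matches the host name, and carries the Server Authentication EKU. This is an added example, not code from the original post or the linked articles; the function name `Test-LdapsCertificate` and the host and port in the usage comment are assumptions.

```powershell
# Added example. Function name, host name and port are placeholders (assumptions).
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Server,
        [int] $Port = 636   # standard LDAPS port; an AD LDS instance may use another
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        # No custom validation callback is supplied, so the default policy applies:
        # the handshake fails unless the chain is trusted and the name matches $Server.
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $client.GetStream(), $false
        try {
            $ssl.AuthenticateAsClient($Server)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
            $eku = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            # False also when the certificate has no EKU extension at all.
            $hasServerAuth = $false
            if ($eku) {
                $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
                $hasServerAuth = $oids -contains $serverAuthOid
            }
            [pscustomobject]@{
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                NotAfter      = $cert.NotAfter
                Protocol      = $ssl.SslProtocol
                ServerAuthEku = $hasServerAuth
            }
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }
}

# Usage (constructed host name and port):
# Test-LdapsCertificate -Server 'adlds01.example.test' -Port 636
```

If the handshake throws, the instance is either not serving a certificate on that port or the client does not trust the issuing CA or the name in the certificate.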
Source: https://stackoverflow.com/questions/36402069/using-ad-lds-over-ssl