Secure LDAP Active Directory environment

By default, the Microsoft LDAP implementation does not support secure LDAP. To set up secure LDAP using SSL, certificates must be installed on both sides: the LDAP Server and the LDAP Client. In this case, the LDAP Server is the domain controller running Active Directory. The LDAP Client is the UMRA software, either the UMRA Console application or the UMRA Service.

The certificates required to run secure LDAP using SSL can be configured in many ways. The concept is always the same:

  1. The Active Directory domain controller uses a special certificate that is issued by a trusted certification authority.
  2. The UMRA software (computer) trusts the certification authority that issues the certificate to the Active Directory domain controller.

Creating the certificate listed in step 1 requires a special procedure, as described in article Q321051. This document uses and describes the same steps. It also describes the procedure to set up a Certification Authority.

First, a certificate request is created. Next, a Certification Authority (CA) is set up and the certificate is signed, i.e. issued by the certification authority. Finally, the root certificate of the certification authority is exported and then imported by the computer that runs the UMRA software.

In this procedure the environment used runs Active Directory on Windows 2003 Standard Edition. For Windows 2000, a similar procedure can be used. The Certification Authority is installed on a Windows 2003 domain controller. For other versions, the procedure might be different.
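
A client-side check of the trust relationship described above, as an added example that is not part of the UMRA documentation: run on the computer that runs the UMRA software, it opens an SSL connection to the domain controller on the LDAPS port and reports the certificate presented and whether Windows trusts its issuer. The server name `dc01.example.local` is a placeholder, and the script assumes the standard LDAPS port 636.

```powershell
# Added example, not UMRA code. 'dc01.example.local' is a placeholder FQDN.
param(
    [string]$Server = 'dc01.example.local',
    [int]$Port = 636   # standard LDAPS port
)

# Validation callback: print what the domain controller presented and why
# Windows does or does not trust it, then accept only an error-free chain.
$validate = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $certificate, $chain, $policyErrors)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
    Write-Host "Subject : $($cert.Subject)"
    Write-Host "Issuer  : $($cert.Issuer)"
    Write-Host "Expires : $($cert.NotAfter)"
    # Q321051 requires the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1).
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = @($eku.EnhancedKeyUsages |
        Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }).Count -gt 0
    Write-Host "Server Authentication EKU present: $serverAuth"
    # An UntrustedRoot status here means the CA root is not imported on this computer.
    foreach ($status in $chain.ChainStatus) {
        Write-Host "Chain problem: $($status.Status) $($status.StatusInformation.Trim())"
    }
    Write-Host "Policy errors: $policyErrors"
    return ($policyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Server, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $validate)
    # The target host must be the FQDN named in the certificate, not an IP address.
    $ssl.AuthenticateAsClient($Server)
    Write-Host "LDAPS handshake OK ($($ssl.SslProtocol)); this computer trusts the issuing CA."
}
catch {
    Write-Host "LDAPS handshake failed: $($_.Exception.Message)"
    Write-Host "Check that the CA root certificate is imported on this computer."
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

The callback never overrides a failed validation, so a successful handshake means the default Windows trust decision passed.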

In This Section

Creating an Active Directory domain controller certificate request

Creating a Certification Authority

Sign the certificate request by the Certification Authority

Exporting the root certificate Certification Authority

Importing the root certificate Certification Authority

Importing the LDAP Server certificate

Setting up the UMRA (LDAP Client) computer

Verifying secure LDAPS using SSL

See Also

Microsoft Active Directory

Introduction

Creating user accounts in Microsoft Active Directory using LDAP

Searching accounts and resetting passwords in Microsoft Active Directory using LDAP

Updating group memberships in Microsoft Active Directory using LDAP