LDAPS

Oct 17, 2013 at 10:27 AM
Hi,
Any chance to get "LDAP/AD Claims Provider For SharePoint 2010" to work with LDAPS?
Thanks!
Oct 17, 2013 at 1:00 PM
Edited Oct 17, 2013 at 1:01 PM
I managed to get it to work by using LDAP://servername.domain.com:636, instead of LDAPS://servername.domain.com, and by installing the CA certificate from the domain controller in the remote domain to "Trusted Root Certification Authorities". I guess this is enough to use LDAPS...or?
Coordinator
Oct 21, 2013 at 11:32 AM
Hello,
To be honest I don't know for sure how to enable LDAPS.
Regarding your solution, the best way to make sure it is actually LDAPS is to make a network trace and validate that the traffic is encrypted.
Basically the code uses the DirectoryEntry class (http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.aspx) to create a connection to LDAP.
If you know exactly how to set it to enable LDAPS then I can confirm whether that works or not in current version, and if needed make it possible in a future version.
cheers,
Yvan
Oct 22, 2013 at 1:13 PM
Hello,
I used Network Monitor and it seems that the traffic is encrypted:

Source: 192.168.0.2 Destination: 192.168.0.1 Protocol Name: TCP Description: TCP:Flags=...A....,SrcPort=49179, DstPort=ldap protocol over TLS/SSL (was sldap)(636)
Source: 192.168.0.2 Destination: 192.168.0.1 Protocol Name: LDAP Description: LDAP: Encrypted Over SSL

Best,
Stefan
Jul 28, 2015 at 4:24 PM
Hi,
I have difficulties configuring LDAPCP with LDAPS.
The destination LDAP server is not an Active Directory. It does not use the standard LDAPS port 636.
How can I configure the port, base and scope for an appropriate LDAP connection?
I also wonder how to configure the authentication type "SecureSocketsLayer" as documented in https://msdn.microsoft.com/en-us/library/system.directoryservices.authenticationtypes(v=vs.110).aspx?
Do you have any ideas?
Thanks in advance, Paul
Jul 29, 2015 at 5:28 PM
To connect to a non-AD-based LDAP you will likely need to connect with a Path something like:

LDAP://server.domain.com:[port]/DC=domain,DC=com

You will also likely need to specify your Username to look something like:

uid=MyID,ou=MyOrg,dc=domain,dc=com
Sep 1, 2015 at 12:45 PM
Hello bryanhart,
thanks for your feedback.
(Meanwhile, we configured firewall access for non-SSL and I was on vacation.)
I tried your configuration, but it didn't work.
I tried also to test the connection using the "PeoplePicker Port Tester". It didn't work either. Both tools signal the same error: "The server is not operational".
Next, I installed "Apache Directory Studio" on the SharePoint server and I was able to connect to the non-AD-based LDAP without any problems.
Do you have any further ideas? Is there a way to debug LDAPCP?
Thanks in advance, Paul
Coordinator
Sep 1, 2015 at 1:47 PM
Hello,
Instead of debugging LDAPCP, can I suggest you try to implement LDAPS in a console application using .NET class DirectoryEntry ( https://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.aspx )?
This is what LDAPCP is using to connect to LDAP servers. If you manage to successfully connect over LDAPS with the console application (on the same SP server, with the same app pool account as the SP sites), please send me the code and I'll see if there is something I should change in LDAPCP to make it work.
thanks,
Yvan
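The console program Yvan asks for, written here as an added example (not LDAPCP's own code and not something posted in this thread). It binds to a non-AD LDAP server over LDAPS on a non-standard port with System.DirectoryServices.DirectoryEntry, using the path and DN-style username format bryanhart described, the SecureSocketsLayer authentication type Paul asked about, and an explicit search scope. Host, port, base DN, bind DN and password are placeholders; the project needs a reference to System.DirectoryServices.dll.

```csharp
// Added example, not LDAPCP code: probe an LDAPS bind the way LDAPCP would do it (DirectoryEntry).
// All connection values below are assumed placeholders; replace them with your own.
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

class LdapsProbe
{
    const string Host = "ldap.example.com";                               // placeholder
    const int Port = 10636;                                               // placeholder non-standard LDAPS port
    const string BaseDn = "DC=example,DC=com";                            // placeholder search base
    const string BindDn = "uid=svc-sharepoint,ou=Services,dc=example,dc=com"; // placeholder full-DN username
    const string Password = "<password>";                                 // placeholder

    static int Main(string[] args)
    {
        // Path form from the thread: LDAP://server:port/baseDN. The scheme stays "LDAP://";
        // TLS is requested through AuthenticationTypes.SecureSocketsLayer, not an "LDAPS://" prefix.
        string path = string.Format("LDAP://{0}:{1}/{2}", Host, Port, BaseDn);

        // SecureSocketsLayer alone = simple bind inside a TLS session. Do not OR in AuthenticationTypes.Secure:
        // that requests Negotiate (Kerberos/NTLM), which a non-AD directory usually cannot serve,
        // and a bind with a full DN needs a simple bind anyway.
        AuthenticationTypes auth = AuthenticationTypes.SecureSocketsLayer;

        try
        {
            using (DirectoryEntry root = new DirectoryEntry(path, BindDn, Password, auth))
            {
                // Forces the bind now. An unreachable port, a server certificate that does not chain to a
                // root in the local machine "Trusted Root Certification Authorities" store, or a rejected
                // bind DN all surface here as a COMException.
                root.RefreshCache();
                Console.WriteLine("Bound to {0}; base object: {1}", path, root.Name);

                // The same kind of query LDAPCP issues when resolving a claim; scope is set explicitly.
                using (DirectorySearcher searcher = new DirectorySearcher(root, "(objectClass=inetOrgPerson)"))
                {
                    searcher.SearchScope = SearchScope.Subtree;
                    searcher.SizeLimit = 5;
                    searcher.PropertiesToLoad.Add("uid");
                    searcher.PropertiesToLoad.Add("mail");

                    foreach (SearchResult r in searcher.FindAll())
                    {
                        string uid = r.Properties.Contains("uid")
                            ? r.Properties["uid"][0].ToString()
                            : "(no uid)";
                        Console.WriteLine("  {0}  ->  {1}", uid, r.Path);
                    }
                }
            }
            return 0;
        }
        catch (COMException ex)
        {
            // HRESULT 0x8007203A (ERROR_DS_SERVER_DOWN) is "The server is not operational", the error Paul reports.
            // It is raised before any LDAP operation, so it usually means the TCP port is blocked or the TLS
            // handshake failed (untrusted or name-mismatched certificate), not a bad bind DN or password.
            Console.Error.WriteLine("Bind failed: 0x{0:X8} {1}", ex.ErrorCode, ex.Message);
            return 1;
        }
    }
}
```

Run it on the SharePoint server as the application pool account, as Yvan suggests, so that certificate trust and outbound firewall rules are evaluated in the same context LDAPCP runs in. If it fails with 0x8007203A while Apache Directory Studio on the same box succeeds, compare which root certificate Studio trusted (it keeps its own trust store) with the machine's Trusted Root store, and check that the server certificate's subject or SAN matches the hostname used in the path, since this stack does not accept a bare IP address or an unmatched name.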