
Connect to MA with TLS


miis-perplexed

May 7, 2009, 4:10:01 PM
I have a custom MA which is connecting to an LDAP server and I would like to
enable TLS for security. The LDAP server is running OpenLDAP and has the TLS
module active. I am able to connect no problem on port 389 when it is not
requiring TLS, but once we turn it on no matter how I connect (389 w/ SSL,
636, 636 w/ SSL) I'm getting connection failed. Does MIIS even support
connecting via TLS? My understanding from reading several MS articles is that
this should work via installing a server certificate. I did do this, and put
it both under the Computer Account store and the store for the service
account which MIIS uses to connect. I've tried under Trusted Root
Certification Authorities and Personal, neither seems to make any difference.
To say the least, MIIS documentation on this subject is vague.

Anyone out there that has experience with this kind of setup that could
help? Thanks.

Jorge de Almeida Pinto [MVP - DS]

May 15, 2009, 1:24:18 PM
Secure Communication
When possible, use secure communication to reduce the risk of unauthorized
access to data by individuals monitoring network traffic. Various network
data encryption technologies are available for Microsoft Windows Server
2003. Whether or not you can use these encryption technologies is based on
whether the connected data source supports them and whether or not the
corresponding management agent also supports them. Three common examples of
network data encryption technologies are SSL, TLS, and IPSec.

SSL
Secure Sockets Layer (SSL) can be used in an MIIS environment. If the
connected data source supports the use of SSL and a management agent is
included with MIIS 2003, then the use of SSL is supported for that
particular data source.

Verify the level of encryption between MIIS 2003 and the target data source.
When setting initial passwords, set up SSL and use LDAP with SSL to
communicate with Sun ONE™ Directory Server 5.1, Netscape Directory Server®
6.1, Novell® eDirectory™ 8.7, and directory servers running Active Directory
Application Mode (ADAM).

TLS
The use of Transport Layer Security (TLS) is not supported in an MIIS 2003
environment.

IPSec
Internet Protocol Security (IPSec) is a tunneling protocol used within the
TCP/IP protocol. Use of IPSec is completely transparent to MIIS and
therefore can be used without any effect on the operation of MIIS 2003. If
the SQL server hosting the MIIS database is located on a server separate
from the MIIS server, using IPSec is recommended to help make communication
between the two servers more secure.


What is mentioned for MIIS 2003 also applies to ILM.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
