Re: Setting up Secure LDAP (LDAPS) on Windows Server 2008

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

> for LDAPS you need a certificate, one provided by your own CA or by a
> third party CA. Preferably a CA is NOT installed on a DC. Because you just
> need a cert it does not mean you just need to install an enterprise CA.
> What I mean is, that you need to make a design for the PKI infrastructure.
> By just starting to install stuff without thinking is definitely a very
> bad practice and in the end you might even regret it.
> How to design a PKI infrastructure?
> To get an impression, start reading:
> http://www.windowsecurity.com/articles/Microsoft-PKI-Quick-Guide-Part1.html
> --
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>

> * This posting is provided "AS IS" with no warranties and confers no
> rights!
> * Always test ANY suggestion in a test environment before implementing!
>

> #################################################
> #################################################
>

>> Hi,
>> I have an external app which requires LDAP integration with our
>> domain. I want to use LDAPs for this. Is it correct that to do this
>> I need to install an enterprise CA on the domain? If so, does this
>> need to be a separate server, or can it be on the domain controller?
>> Our domain is 2008 native upgraded from Windows 2000 native.
>> Thanks.
>> Andrew.
>