Allow ldaps queries from other server 2003 domain controllers [message #157168] Wed, 01 July 2009 09:24
trnsfrmrsr
We're working with another vendor who provides some hosted services. However,
they'll only work with ldap and ldaps (which is fine). They're running on
server 2003 as well.

In order for them to perform ldaps queries against our domain (we have our
own private Microsoft CA), do we simply need to export the root certificate
for our CA (no private key of course) and have the hosting company install
that cert in their trusted cert authorities store?
Re: Allow ldaps queries from other server 2003 domain controllers [message #157178 is a reply to message #157168] Wed, 01 July 2009 12:00
Joe Kaplan
That should be adequate, yes. The key is that their SSL client trusts your
SSL server (the DC in this case), and having your root be a trusted root for
their client is all that should be needed to do that.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
RE: Allow ldaps queries from other server 2003 domain controllers [message #157248 is a reply to message #157168] Thu, 02 July 2009 16:58
Anderson Lacruz
Hi

What exactly do you want to do? Do you want to establish secure ldap
communications? Because in that case you have to configure your domain
controllers to work with certificates (ldap ssl / port 636).

Some links that can be helpful:
http://support.microsoft.com/kb/555252
http://support.microsoft.com/kb/247078 (in this case you have to work with
domain controller policies and use LDAP tool from Support tool to test, etc.)

I hope this information can help you, otherwise, just write again and specify

Regards
Anderson L
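
A client-side check for the trust relationship discussed in this thread, as an added example that is not part of any poster's message: it connects to the DC's LDAPS port trusting only the exported root certificate, so a successful handshake shows that the root alone is enough for the vendor's client. The host name dc01.corp.example and the file rootca.pem are placeholders, and the root is assumed to have been exported as Base-64 encoded X.509 (PEM).

```python
import socket
import ssl
import sys


def _flat(name):
    """Render getpeercert()'s nested subject/issuer tuples as one string."""
    return ", ".join("%s=%s" % rdn[0] for rdn in name)


def check_ldaps(host, port=636, root_ca_file="rootca.pem", timeout=5.0):
    """TLS handshake with an LDAPS listener, trusting ONLY root_ca_file.

    Returns a dict with keys: trusted, subject, issuer, not_after, error.
    """
    result = {"trusted": False, "subject": None, "issuer": None,
              "not_after": None, "error": None}
    try:
        # Because cafile is given, the system trust store is not loaded:
        # the handshake succeeds only if the chain ends at the exported root.
        ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
                                         cafile=root_ca_file)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname is matched against the names in the DC's
            # certificate, so use the name it was issued to (normally the FQDN).
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate or host name mismatch.
        result["error"] = "certificate rejected: %s" % exc.verify_message
    except (OSError, ValueError) as exc:
        # Missing/unreadable CA file, refused connection, timeout, TLS error.
        result["error"] = "%s: %s" % (type(exc).__name__, exc)
    else:
        result.update(trusted=True, subject=_flat(cert.get("subject", ())),
                      issuer=_flat(cert.get("issuer", ())),
                      not_after=cert.get("notAfter"))
    return result


if __name__ == "__main__":
    # Placeholder defaults (assumptions): replace with the real DC FQDN
    # and the path to the exported root certificate.
    host = sys.argv[1] if len(sys.argv) > 1 else "dc01.corp.example"
    ca = sys.argv[2] if len(sys.argv) > 2 else "rootca.pem"
    outcome = check_ldaps(host, 636, ca)
    for key, value in outcome.items():
        print("%-10s %s" % (key, value))
    sys.exit(0 if outcome["trusted"] else 1)
```

An error of `certificate rejected: unable to get local issuer certificate` means the DC's certificate does not chain to the supplied root.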