#1
SSL with ADAM

Can we enable SSL with ADAM? Is there a step-by-step that I can follow to achieve that?

I am a lil confused between LDAPS and SSL... currently I am using simple binds with ADAM, which I understand sends passwords in clear text. If I use LDAPS, are passwords still sent in clear text? Or should I implement SSL to mitigate that risk?
#2
Re: SSL with ADAM

Hi

If you are using LDAP simple binds then the credentials are sent in clear text. Using LDAPS the credentials are still sent in clear text but over a secure (encrypted) channel, so LDAPS is really what you need for a secure approach.

Microsoft documentation for SSL configuration for AD LDS is here [1]. The only major difference with ADAM cf AD LDS is the location of the keys in the notes at [1]:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

is the WS08 location, whereas for ADAM on WS03 the keys are at

c:\documents and settings\All Users\ApplicationData\Microsoft\Crypto\RSA\MachineKeys

There are some more notes linked from here [2].

Lee Flight

[1] http://technet.microsoft.com/en-us/l...67(WS.10).aspx
[2] http://groups.google.co.uk/group/mic...087f26f2175f9f

"Kerry" <Kerry@live.com> wrote in message news:uUzq8jsDKHA.1340@TK2MSFTNGP05.phx.gbl...
> Can we enable SSL with ADAM? Is there a step-by-step that I can follow to
> achieve that?
>
> I am a lil confused between LDAPS and SSL... currently I am using simple
> binds with ADAM, which I understand sends passwords in clear text. If I
> use LDAPS, are passwords still sent in clear text? Or should I implement
> SSL to mitigate that risk?
#3
Re: SSL with ADAM

Thanks for the direction.

Now I can connect using LDP to connect to the ADAM server over port 9001 (LDAP over SSL). However, I am not able to bind using ADAM user accounts. Whenever I use simple bind with an ADAM account, I get the below error:

0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 0)
res = ldap_simple_bind_s(ld, 'adam', <unavailable>); // v.3
Error <49>: ldap_simple_bind_s() failed: Invalid Credentials

My AD domain is abbi.com and my ADAM DN is DC=Customer,DC=Com. While I log in to the workstation using Abbi credentials, I would like to connect to my application using an ADAM user account.

How should I configure ADAM to be able to handle the above-mentioned requirement?

"Lee Flight" <lef@le.ac.uk-nospam> wrote in message news:uE4t3EtDKHA.1248@TK2MSFTNGP04.phx.gbl...
> Hi
>
> If you are using LDAP simple binds then the credentials are sent in
> clear text. Using LDAPS the credentials are still sent in clear text
> but over a secure (encrypted) channel, so LDAPS is really what you
> need for a secure approach.
>
> Microsoft documentation for SSL configuration for AD LDS is here [1].
> The only major difference with ADAM cf AD LDS is the location of the
> keys in the notes at [1]:
>
> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
>
> is the WS08 location, whereas for ADAM on WS03 the keys are at
>
> c:\documents and settings\All Users\ApplicationData\Microsoft\Crypto\RSA\MachineKeys
>
> There are some more notes linked from here [2].
>
> Lee Flight
>
> [1] http://technet.microsoft.com/en-us/l...67(WS.10).aspx
> [2] http://groups.google.co.uk/group/mic...087f26f2175f9f
#4
Re: SSL with ADAM

You can only bind to ADAM using simple bind with an ADAM user account or a bind proxy object that points to an AD object. It looks like you tried to use an object with username "adam", so if that is a user in ADAM with a valid password that is not disabled, that will work IF either the displayName or userPrincipalName attribute is set to "adam". Otherwise it won't, because you won't have a matching user. It also won't work if you have more than one user with that username in either attribute, but that seems less likely.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net

"Kerry" <Kerry@live.com> wrote in message news:eI09h36DKHA.4168@TK2MSFTNGP05.phx.gbl...
> Thanks for the direction.
>
> Now I can connect using LDP to connect to the ADAM server over port 9001
> (LDAP over SSL). However, I am not able to bind using ADAM user accounts.
> Whenever I use simple bind with an ADAM account, I get the below error:
> 0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 0)
> res = ldap_simple_bind_s(ld, 'adam', <unavailable>); // v.3
> Error <49>: ldap_simple_bind_s() failed: Invalid Credentials
>
> My AD domain is abbi.com and my ADAM DN is DC=Customer,DC=Com. While I
> log in to the workstation using Abbi credentials, I would like to connect
> to my application using an ADAM user account.
>
> How should I configure ADAM to be able to handle the above-mentioned
> requirement?