The LDAP connection was set up successfully in both Safeguard Access and Identity and Authentication, as well as an asset in Asset Management.
With this connection, the LDAP directory can be searched and accounts can be added via it.
However, the "Connection Test" and the "Password check" fail.
Cause
The firewall rules did not have the legacy ports open.
Resolution
Change the firewall rules to allow the legacy ports (389, 3268). The connection to Active Directory can then be established completely.
We have confirmed: “Port 389 is still required to be enabled even with Use SSL enabled, so you need to keep all ports open:
LDAP 389 TCP/UDP
GC 3268 TCP
LDAPS 636 TCP
GC LDAPS 3269 TCP
LDAP is still secure as per the KB article below:”
MS KB - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority
It states:
“LDAPS communication occurs over port TCP 636. LDAPS communication to a global catalogue server occurs over TCP 3269. When connecting to ports 636 or 3269, SSL/TLS is negotiated before any LDAP traffic is exchanged.”
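To confirm the firewall change, the following added example (not One Identity or Microsoft code) probes the four TCP ports listed above and attempts a TLS handshake on 636 and 3269, separating a refused port from one that is filtered. The host name `dc01.example.com` and the function names are assumptions; UDP 389 is not tested.

```python
import socket
import ssl

# Ports listed in the article: label and whether TLS is negotiated on connect.
AD_PORTS = {389: ("LDAP", False), 3268: ("GC", False),
            636: ("LDAPS", True), 3269: ("GC LDAPS", True)}


def probe(host, port, tls=False, timeout=3.0, cafile=None):
    """Classify one TCP port as open, tls-ok, tls-failed, refused or filtered."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"    # host answered, nothing is listening on the port
    except OSError:
        return "filtered"   # timeout, no route or DNS failure: check firewall
    with sock:
        if not tls:
            return "open"
        # Certificate verification stays on; pass the issuing CA via cafile
        # when the domain controller certificate comes from an internal CA.
        ctx = ssl.create_default_context(cafile=cafile)
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-ok"
        except OSError:     # ssl.SSLError and handshake timeouts are OSError
            return "tls-failed"


def check_directory(host, ports=AD_PORTS, timeout=3.0, cafile=None):
    """Probe every port in `ports` and return {port: status}."""
    return {port: probe(host, port, tls, timeout, cafile)
            for port, (_label, tls) in ports.items()}


if __name__ == "__main__":
    # Hypothetical domain controller name; replace with your own.
    for port, status in check_directory("dc01.example.com").items():
        print(f"{AD_PORTS[port][0]:9} {port}/tcp  {status}")
```

Run it from a host in the same network segment as the Safeguard appliance so the result reflects the same firewall path.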