Active Directory - How to Enable LDAPS Using Self-Signed Certificates Sept. 18, 2019, 3 p.m.

To enable LDAP over SSL (LDAPS) all you need to do is "install" an SSL certificate on the Active Directory server. Most enterprises will opt to purchase an SSL certificate from a 3rd Party like Verisign. In my case, I created my own certificate using OpenSSL. Here are the steps I used to secure my Active Directory server using a self signed certificate.

windows security ldap certificates

LDAP Authentication Primer Sept. 5, 2019, 11:44 a.m.

This document provides background on what LDAP authentication is, what specific LDAP authentication methods and mechanisms Active Directory and more specifically the NETID domain supports, and finally gives some guidance on which method and mechanism you should use.

windows security ldap

Are you using LDAP over SSL/TLS? Sept. 5, 2019, 11:42 a.m.

Today, many applications and devices connect to Active Directory over LDAP. Many of those are still performing insecure LDAP “simple binds” where credentials are transferred in clear text over the network. Those exposed credentials typically include the “service account” used to connect to LDAP, but also include the user credentials used during the application login.

Also note that the terms “LDAP over SSL” and “LDAP over TLS” are used interchangeably. By default, LDAP communications between client and server applications are not encrypted. This is especially problematic when an LDAP simple bind is used.

windows security ldap

Identifying Clear Text LDAP binds to your DC’s Sept. 4, 2019, 12:15 p.m.

The core of the issue is this, when an application performs a simple LDAP bind, the username and password is transmitted in clear text in the very first packet. The DC doesn't even have a chance to prevent this exposure from occurring.  If this connection is not encrypted at a lower layer such as TLS or IPSec, it may be intercepted and a bad day may soon follow.

windows active directory security ldap

LDAP Tool Box Self Service Password April 12, 2018, 8:43 a.m.

Self Service Password is a PHP application that allows users to change their password in an LDAP directory.

tools active directory free ldap

Django snippets: Authenticate against Active Directory March 12, 2012, 1:39 p.m.

Use active directory to authenticate Django users.

programming python active directory django development code authentication ldap