
Secure Connection to AD User Directory with StartTLS


Article ID: 42175


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

Question:

We currently have a secure connection to an AD user directory over port 636. Can we use a StartTLS connection to connect over port 389, and if so, how would we configure that?

Answer:

CA Single Sign-On does not support StartTLS natively at this time, so an LDAP user directory connection on port 389 cannot be upgraded to TLS with the StartTLS extended operation. The supported way to keep the connection encrypted is LDAPS on port 636, as you have today.

If the Policy Server runs on Windows and the user directory is Active Directory, you should be able to use a SASL bind instead. Active Directory accepts SASL binds with the GSS-SPNEGO (Negotiate) and GSSAPI mechanisms, which authenticate with Kerberos or NTLM and can negotiate LDAP signing (integrity) and sealing (encryption) for the session. This protects a port 389 connection without TLS: the bind carries a Kerberos or NTLM token rather than a cleartext password, and a sealed session encrypts the LDAP traffic that follows. Two caveats apply. A plain simple bind on port 389 still sends the password in cleartext, so the SASL bind must actually be the bind type in use. Signing alone provides integrity but not confidentiality, so sealing must be negotiated if the directory traffic itself has to be encrypted.

Please refer to the sources below for more about implementing SASL binding for increased connection security over unsecured ports:
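The following PowerShell script is an added example, not code from the CA article or from CA Single Sign-On itself. It shows what a protected port 389 connection to Active Directory looks like in practice: it reads the SASL mechanisms the domain controller advertises, performs a GSS-SPNEGO (Negotiate) bind with LDAP signing and sealing required, and, when run on the DC, reports the server-side LDAP signing policy. It assumes a domain-joined Windows host with Windows PowerShell 5.1 or later; the domain controller name dc01.corp.example is a placeholder.

```powershell
# Added example (not from the CA article): verify that a domain controller accepts a
# SASL (GSS-SPNEGO / Negotiate) bind with LDAP signing and sealing on port 389, and
# report which SASL mechanisms it advertises. Assumes a domain-joined Windows host,
# Windows PowerShell 5.1 or later, and a reachable DC; 'dc01.corp.example' is a placeholder.
param(
    [string]$DomainController = 'dc01.corp.example',   # assumed DC host name
    [int]$Port = 389
)

Add-Type -AssemblyName System.DirectoryServices.Protocols
$P = 'System.DirectoryServices.Protocols'

# 1. Ask the RootDSE (readable anonymously) which SASL mechanisms the DC offers.
$id   = New-Object "$P.LdapDirectoryIdentifier"($DomainController, $Port)
$anon = New-Object "$P.LdapConnection"($id)
$anon.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
$anon.SessionOptions.ProtocolVersion = 3
$rootDse = New-Object "$P.SearchRequest"(
    '', '(objectClass=*)', [System.DirectoryServices.Protocols.SearchScope]::Base,
    @('supportedSASLMechanisms'))
$mechs = $anon.SendRequest($rootDse).Entries[0].Attributes['supportedSASLMechanisms'].GetValues([string])
$anon.Dispose()
"SASL mechanisms offered by ${DomainController}: $($mechs -join ', ')"
if ($mechs -notcontains 'GSS-SPNEGO') {
    Write-Warning 'GSS-SPNEGO is not advertised; a Negotiate bind will fail.'
}

# 2. Bind as the current Windows identity via Negotiate (Kerberos, falling back to NTLM),
#    requiring both signing (integrity) and sealing (confidentiality). No password crosses
#    the wire: the bind carries a GSS token, and every later LDAP message is encrypted.
$conn = New-Object "$P.LdapConnection"($id)
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.SessionOptions.ProtocolVersion = 3
$conn.SessionOptions.Signing = $true
$conn.SessionOptions.Sealing = $true
try {
    $conn.Bind()
    # Prove the bound session works by reading the default naming context.
    $ncReq = New-Object "$P.SearchRequest"(
        '', '(objectClass=*)', [System.DirectoryServices.Protocols.SearchScope]::Base,
        @('defaultNamingContext'))
    $nc = $conn.SendRequest($ncReq).Entries[0].Attributes['defaultNamingContext'].GetValues([string])[0]
    "Signed and sealed SASL bind on port $Port succeeded; defaultNamingContext = $nc"
}
catch [System.DirectoryServices.Protocols.LdapException] {
    Write-Error "SASL bind failed: $($_.Exception.Message) (server message: $($_.Exception.ServerErrorMessage))"
}
finally {
    $conn.Dispose()
}

# 3. When run on the DC itself, confirm the server-side policy. The policy
#    'Domain controller: LDAP server signing requirements' is stored as
#    LDAPServerIntegrity: 1 = None, 2 = Require signing. With 2, an unsigned simple
#    bind on 389 is rejected unless it arrives over TLS.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
if (Test-Path $ntds) {
    $integrity = (Get-ItemProperty -Path $ntds -Name LDAPServerIntegrity -ErrorAction SilentlyContinue).LDAPServerIntegrity
    "LDAPServerIntegrity on this host: $integrity (2 = signing required)"
}
```

Run it from the host that will hold the user directory connection; if step 2 succeeds, that host can reach the DC on port 389 with an encrypted SASL session, which is the property the CA Single Sign-On connection needs. A simple bind issued from the same host would still send the password in cleartext, so this check confirms the DC side only; the bind type configured on the product side must be the SASL one.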


Additional Information:

https://msdn.microsoft.com/en-us/library/cc223507.aspx

Understanding LDAP Security Processing (AskDS blog): https://blogs.technet.microsoft.com/askds/2009/09/21/understanding-ldap-security-processing/

Environment

Release:
Component: SMPLC