Impact of Switching Active Directory from LDAP (389) to LDAPS (636)

Article ID: 428811

Products

Security Analytics

Issue/Introduction

This article clarifies the expected behavior and configuration requirements when migrating the Active Directory connection in Security Analytics (SA) from standard LDAP (Port 389) to LDAP over SSL/TLS (Port 636). It outlines which services are impacted and how to maintain secure connectivity.

Cause

Organizations often transition from Port 389 to 636 to comply with security best practices, ensuring that credentials and directory data are encrypted in transit. Because Security Analytics relies on this connection for identity management, changing the port requires specific configuration adjustments to avoid service interruptions.

Resolution

In Security Analytics, LDAP is primarily utilized for authentication and authorization.

If the communication between Security Analytics and the LDAPS server fails during this transition, only these identity-related functions will be affected. All other core services within the appliance will continue to run without issue.

To implement the change, follow these steps:

  1. Navigate to the LDAP configuration settings in the SA interface.

  2. Change the Port field from 389 to 636.

  3. Certificate Validation:

    • Self-Signed Certificates: If the LDAP server uses a self-signed certificate, leave the "Verify server certificate" box unchecked.

    • CA-Signed Certificates: If the server uses a certificate signed by a Certificate Authority (CA) and your security policy requires SA to validate the trust chain, check the "Verify server certificate" box.

Note: Ensure that any firewalls between the Security Analytics appliance and the Active Directory controller are configured to allow traffic over TCP port 636 before applying these changes.
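The three outcomes behind step 3, as an added Go example that is not part of this article or of Security Analytics: it starts a loopback TLS listener with a self-signed certificate (an httptest server, used only because it ships with one) as a stand-in for a domain controller's port 636, then connects the way the appliance would with the box unchecked, with it checked while the certificate is untrusted, and with it checked after the certificate has been imported into the trust store. The listener, the loopback address and the trust-store handling are assumptions for the demonstration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
)

// dialOK reports whether a TLS handshake to addr succeeds under the given client
// settings; an LDAPS bind fails at exactly this point when verification rejects the cert.
func dialOK(addr string, cfg *tls.Config) bool {
	c, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return false
	}
	c.Close()
	return true
}

// Probe stands up a loopback TLS listener with a self-signed certificate (httptest is
// used only because it ships with one; it stands in for a DC's port 636) and tries
// the three client postures that step 3 of the article chooses between.
func Probe() (verifyOff, verifyOnUntrusted, verifyOnTrusted bool) {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.Config.ErrorLog = log.New(io.Discard, "", 0) // silence the expected handshake error
	srv.StartTLS()
	defer srv.Close()
	addr := srv.Listener.Addr().String()
	// The operator's trust store after importing the DC's certificate (or its issuing CA).
	trust := x509.NewCertPool()
	trust.AddCert(srv.Certificate())
	// Box unchecked: any certificate is accepted, so the handshake succeeds, but the
	// appliance has not authenticated which server it is talking to.
	verifyOff = dialOK(addr, &tls.Config{InsecureSkipVerify: true})
	// Box checked, certificate not trusted: the handshake fails and LDAP auth/authz stops.
	verifyOnUntrusted = dialOK(addr, &tls.Config{})
	// Box checked, certificate trusted: the handshake succeeds and the server is authenticated.
	verifyOnTrusted = dialOK(addr, &tls.Config{RootCAs: trust})
	return
}

func main() {
	fmt.Println(Probe()) // true false true
}
```

Leaving the box unchecked encrypts the session but does not authenticate the directory server; importing the self-signed or CA certificate and checking the box gives both.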