{"id":110216,"date":"2024-05-10T14:39:46","date_gmt":"2024-05-10T18:39:46","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=110216"},"modified":"2024-05-10T16:38:04","modified_gmt":"2024-05-10T20:38:04","slug":"configure-adi-to-use-ldaps","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps","title":{"rendered":"Configure ADI to use LDAPS"},"content":{"rendered":"\n

探花大神 can integrate with Active Directory Domain Services (AD) using the 探花大神 Active Directory Integration (ADI). ADI enables the syncing of users, groups, and passwords between 探花大神 and on-premise or off-premise AD in flexible configurations to support your specific use case, goals, and AD environment.<\/p>\n\n\n\n

This article will cover testing the LDAPS configuration in AD to ensure it is functional, and how to configure the Import and Sync Agents to communicate over LDAPS.<\/p>\n\n\n\n

Testing for Secure LDAP (LDAPS) in your AD Environment<\/h2>\n\n\n\n

Secure LDAP (LDAPS) allows for the encryption of LDAP data (which includes user credentials) in transit during any communication with the LDAP server (like a directory bind), thereby protecting against credential theft. It is not sufficient to only check if the Domain Controller is listening on the LDAPS port (TCP 636); you also need to confirm that LDAPS is working.<\/p>\n\n\n\n

To verify that LDAPS has been configured on your Domain Controller and is functioning correctly, perform the following steps on each Domain Controller with which 探花大神 ADI will need to communicate.<\/p>\n\n\n\n

    \n
  1. RDP onto the Domain Controller.<\/li>\n\n\n\n
  2. Open the Run dialogue box and run the ldp.exe<\/kbd> application.<\/li>\n\n\n\n
  3. Within the Ldp window, select Connection > Connect…<\/strong><\/li>\n\n\n\n
  4. In the Connect <\/strong>window, enter the following:\n
      \n
    • Server:<\/strong> Your server’s FQDN<\/li>\n\n\n\n
    • Port:<\/strong> 636<\/li>\n\n\n\n
    • SSL:<\/strong> Enabled<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
        \n
      1. Click OK<\/strong>.<\/li>\n\n\n\n
      2. If the server is correctly configured for LDAPS, line 5 of the output (you might need to scroll up) will show that the host supports SSL.<\/li>\n<\/ol>\n\n\n\n

        If the host is NOT configured for LDAPS, then the following message will be shown and no changes will need to be made to your AD Import and Sync Agents.<\/p>\n\n\n\n

        Configuring the 探花大神 Active Directory Import Agent for LDAPS<\/h2>\n\n\n\n

        <\/p><\/div>

        Important:<\/strong> \n

        Ensure you are on the latest version of the Active Directory Import Agent before proceeding.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

        To enable LDAPS for the 探花大神 Active Directory Import Agent, you need Administrative access to the Domain controller or Member server on which the Agent is installed.<\/p>\n\n\n\n

          \n
        1. Using Windows Explorer, browse to C:\\Program Files\\探花大神\\AD Integration\\探花大神 AD Import\\<\/kbd>.<\/li>\n\n\n\n
        2. Open jcadimportagent.config.json<\/kbd> using your preferred text editor. Your config file will look similar to this one:<\/li>\n<\/ol>\n\n\n\n
            \n
          1. Modify the following fields:\n
              \n
            • ServerIP <\/strong>– change from 127.0.0.1 to your server’s FQDN (server.contoso.com)<\/li>\n\n\n\n
            • AllowInsecureConnection <\/strong>– change to false<\/kbd><\/li>\n\n\n\n
            • Address <\/strong>– change from 127.0.0.1 to your server\u2019s FQDN (server.contoso.com)<\/li>\n<\/ul>\n<\/li>\n\n\n\n
            • When you\u2019re done, your configuration file will look similar to the following image:<\/li>\n<\/ol>\n\n\n\n
                \n
              1. Save your changes and restart the 探花大神 AD Integration Import Agent service.<\/li>\n\n\n\n
              2. If the service fails to restart, double check that the information entered into the Config file is correct. If everything looks correct, please review the Import Agent log for additional details.\n
                  \n
                • Browse to C:\\Windows\\Temp\\探花大神_AD_Integration.log<\/kbd> to find the Import agent log<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n

                  When LDAPS is not enabled in your AD Import Agent, you will see a message in your Import log similar to the one below:<\/p>\n\n\n\n

                  \n

                  JCADImportAgent:2024\/04\/15 08:12:53 validator.go:74: WARNING: eid=’1′, msg=’LDAP is not secure and transmits unencrypted data using TCP. 探花大神 strongly recommends to use LDAPS for this integration.’
                  JCADImportAgent:2024\/04\/15 08:14:23 jcadimportagent.go:143:<\/p>\n<\/div><\/div>\n\n\n\n

                  Once LDAPS is enabled you will no longer see that message in your Import Agent log file.<\/p>\n\n\n\n

                  Configuring the 探花大神 Active Directory Sync Agent for LDAPS <\/h2>\n\n\n\n

                  <\/p><\/div>

                  Important:<\/strong> \n

                  Ensure you are on the latest version of the Active Directory Import Agent before proceeding.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

                  To enable LDAPS for the 探花大神 Active Directory Sync Agent, you will need Administrative access to the Domain controller or Member server on which the Agent is installed.<\/p>\n\n\n\n

                    \n
                  1. Using Windows Explorer, browse to C:\\Program Files\\探花大神\\AD Integration\\探花大神 AD Sync<\/kbd>.<\/li>\n\n\n\n
                  2. Open the config.json<\/kbd> file using your preferred text editor. Your config file will look similar to this one:<\/li>\n<\/ol>\n\n\n\n
                      \n
                    1. Modify the following fields:\n
                        \n
                      • Address <\/strong>– change from 127.0.0.1 to your server’s FQDN (Server.contoso.com)<\/li>\n\n\n\n
                      • AllowInsecureConnection <\/strong>– change to false<\/kbd><\/li>\n<\/ul>\n<\/li>\n\n\n\n
                      • When you\u2019re done, your configuration file will look similar to the following image:<\/li>\n<\/ol>\n\n\n\n
                          \n
                        1. Save your changes and restart the 探花大神 AD Integration Sync Agent service.<\/li>\n\n\n\n
                        2. If the service fails to restart, double check that the information entered into the Config file is correct. If everything looks correct, please review the Import Agent log for additional details.\n
                            \n
                          • Browse to C:\\Windows\\Temp\\探花大神_AD_Integration.log<\/kbd> to find the Import agent log<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

                            探花大神 can integrate with Active Directory Domain Services (AD) using the 探花大神 Active Directory Integration (ADI). ADI enables the syncing […]<\/p>\n","protected":false},"author":205,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2904,2855,2845,2954,2896],"support_tag":[],"coauthors":[2839],"acf":[],"yoast_head":"\nConfigure ADI to use LDAPS - 探花大神<\/title>\n<meta name=\"description\" content=\"Learn how to test the LDAPS configuration in AD to ensure it is functional, and how to configure the Import and Sync Agents to communicate over LDAPS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configure ADI to use LDAPS\" \/>\n<meta property=\"og:description\" content=\"Browse the 探花大神 Help Center by category, search for a specific topic, or check out our featured articles.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps\" \/>\n<meta property=\"og:site_name\" content=\"探花大神\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-10T20:38:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/05\/RDP-Server-window.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"joyjaswinski\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps\",\"url\":\"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps\",\"name\":\"Configure ADI to use LDAPS - 探花大神\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/05\/RDP-Server-window.png\",\"datePublished\":\"2024-05-10T18:39:46+00:00\",\"dateModified\":\"2024-05-10T20:38:04+00:00\",\"description\":\"Learn how to test the LDAPS configuration in AD to ensure it is functional, and how to configure the Import and Sync Agents to communicate over 
LDAPS.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/05\/RDP-Server-window.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/05\/RDP-Server-window.png\",\"width\":746,\"height\":459},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Configure ADI to use LDAPS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"探花大神\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"探花大神\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"探花大神\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Configure ADI to use LDAPS - 探花大神","description":"Learn how to test the LDAPS configuration in AD to ensure it is functional, and how to configure the Import and Sync Agents to communicate over LDAPS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps","og_locale":"en_US","og_type":"article","og_title":"Configure ADI to use LDAPS","og_description":"Browse the 探花大神 Help Center by category, search for a specific topic, or check out our featured articles.","og_url":"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps","og_site_name":"探花大神","article_modified_time":"2024-05-10T20:38:04+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/05\/RDP-Server-window.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"4 minutes","Written by":"joyjaswinski"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps","url":"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps","name":"Configure ADI to use LDAPS - 探花大神","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/05\/RDP-Server-window.png","datePublished":"2024-05-10T18:39:46+00:00","dateModified":"2024-05-10T20:38:04+00:00","description":"Learn how to test the LDAPS configuration in AD to ensure it is functional, and how to configure the Import and Sync Agents to communicate over LDAPS.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/05\/RDP-Server-window.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/05\/RDP-Server-window.png","width":746,"height":459},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Configure ADI to use LDAPS"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"探花大神","description":"Daily insights on directory 
services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"探花大神","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"探花大神"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/110216"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/205"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/110216\/revisions"}],"predecessor-version":[{"id":110244,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/110216\/revisions\/110244"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=110216"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=110216"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=110216"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=110216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{
rel}","templated":true}]}}