Configure LDAPS connection to a domain

Since version 7.2, ESMC Server on Windows uses the encrypted LDAPS (LDAP over SSL) protocol by default for all Active Directory connections.

Follow the steps below to configure ESMC Virtual Appliance to connect to Active Directory via LDAPS.

Prerequisites

Set up LDAPS on the Domain Controller - make sure to export the DC Certification Authority public key.

Make sure Kerberos is correctly configured on your ESMC VA.

 

Enable LDAPS on ESMC VA

1. Open the virtual machine's terminal window with ESMC VA.

2. Press Enter, type the password you specified during ESMC VA configuration, and press Enter twice.

3. Select Exit to terminal and press Enter.

4. Stop the ESMC Server service:

systemctl stop eraserver

5. Type the following command:

nano /etc/systemd/system/eraserver.service

6. Add the following line to the [Service] section:

Environment="ESMC_ENABLE_LDAPS=1"

7. Press CTRL+X and type Y to save the file changes. Press Enter to exit the editor.

8. Run the following command to reload the configuration:

systemctl daemon-reload

9. Start the ESMC Server service:

systemctl start eraserver

10. Copy the certificate file you generated on the Domain Controller to the following location on your ESMC VA Server:

/etc/pki/ca-trust/source/anchors/

11. Run the following command:

update-ca-trust
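
The following script is an added example, not part of the original ESMC documentation. It checks that the line from step 6 is an active entry inside the [Service] section and that the Domain Controller's LDAPS certificate chains to the CA file copied in step 10. The function names, the sample unit files and the dc.example.com host are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: post-change checks for the LDAPS steps above.

# Succeeds only if the ESMC_ENABLE_LDAPS=1 line is an active (uncommented)
# entry inside the [Service] section of the unit file given as $1 (step 6).
# Handles a single assignment per Environment= line, quoted or unquoted.
ldaps_enabled_in_unit() {
    awk '
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && /^[ \t]*Environment="?ESMC_ENABLE_LDAPS=1"?[ \t]*$/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Succeeds only if the certificate presented on port 636 by host $1
# verifies against the CA file $2 (steps 10-11). Needs network access
# to the Domain Controller, so it is defined here but not run below.
ldaps_chain_ok() {
    openssl s_client -connect "$1:636" -CAfile "$2" -verify_return_error \
        </dev/null >/dev/null 2>&1
}

# Constructed sample unit files (not the real eraserver.service).
demo_dir=$(mktemp -d)
printf '%s\n' '[Unit]' 'Description=sample' '[Service]' \
    'ExecStart=/bin/true' 'Environment="ESMC_ENABLE_LDAPS=1"' \
    > "$demo_dir/good.service"
printf '%s\n' '[Unit]' 'Environment="ESMC_ENABLE_LDAPS=1"' '[Service]' \
    'ExecStart=/bin/true' > "$demo_dir/misplaced.service"

for name in good misplaced; do
    if ldaps_enabled_in_unit "$demo_dir/$name.service"; then
        echo "$name: LDAPS line active in [Service]"
    else
        echo "$name: LDAPS line missing from [Service]"
    fi
done
rm -rf "$demo_dir"

# On the appliance (hypothetical DC name and CA file name):
#   ldaps_enabled_in_unit /etc/systemd/system/eraserver.service
#   ldaps_chain_ok dc.example.com /etc/pki/ca-trust/source/anchors/dc-ca.crt
```

A line placed under [Unit] or commented out is ignored by systemd for the service environment, which is why the check is section-aware rather than a plain text search.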