Configure LDAPS connection to a domain

ESET PROTECT Server on Windows uses the encrypted LDAPS (LDAP over SSL) protocol by default for all Active Directory connections.

Follow the steps below to configure ESET PROTECT Virtual Appliance to connect to Active Directory via LDAPS.

Prerequisites

Set up LDAPS on the Domain Controller - make sure to export the DC Certification Authority public key.

Make sure Kerberos is correctly configured on your ESET PROTECT VA.

Enable LDAPS on ESET PROTECT VA

1. Open the virtual machine's terminal window with ESET PROTECT VA.

2. Press Enter, type the password you specified during ESET PROTECT VA configuration, and press Enter twice.

3. Select Exit to terminal and press Enter.

4. Stop the ESET PROTECT Server service:

systemctl stop eraserver

5. Type the following command:

nano /etc/systemd/system/eraserver.service

6. Add the following line to the [Service] section:

Environment="ESMC_ENABLE_LDAPS=1"

7. Press CTRL+X and type Y to save the file changes. Press Enter to exit the editor.

8. Run the following command to reload the configuration:

systemctl daemon-reload

9. Start the ESET PROTECT Server service:

systemctl start eraserver

10. Copy the certificate file you generated on the Domain Controller to the following location on your ESET PROTECT VA Server:

/etc/pki/ca-trust/source/anchors/

11. Run the following command:

update-ca-trust
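
To confirm the result of steps 4 to 11, the following checks can be run on the appliance. This is an added example, not ESET tooling. It assumes the RHEL-family CA bundle path /etc/pki/tls/certs/ca-bundle.crt and takes the Domain Controller host name as an argument (dc01.example.test is a placeholder).

```shell
#!/bin/sh
# Added verification sketch for the LDAPS steps above; not part of ESET PROTECT.

UNIT=/etc/systemd/system/eraserver.service   # unit file edited in step 5
CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt   # assumption: bundle rebuilt by update-ca-trust

# Succeeds only if ESMC_ENABLE_LDAPS=1 is set by an uncommented Environment=
# line inside [Service]; systemd ignores the key under [Unit] or [Install].
unit_has_ldaps_env() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { section = $0; gsub(/[ \t\r]/, "", section); next }
        section == "[Service]" && /^[ \t]*Environment=/ && /ESMC_ENABLE_LDAPS=/ {
            found = ($0 ~ /ESMC_ENABLE_LDAPS=1["\t ]/ || $0 ~ /ESMC_ENABLE_LDAPS=1$/)
        }
        END { exit !found }
    ' "$1"
}

# Confirms systemd picked up the variable after daemon-reload (step 8).
service_env_loaded() {
    systemctl show eraserver --property=Environment | grep -q 'ESMC_ENABLE_LDAPS=1'
}

# Confirms the DC certificate on port 636 chains to a CA in the trust store
# (steps 10 and 11). A failure here means the exported CA was not imported.
dc_ldaps_trusted() {
    openssl s_client -connect "$1:636" -CAfile "$CA_BUNDLE" -verify_return_error \
        </dev/null 2>/dev/null | grep -q 'Verify return code: 0 (ok)'
}

# Checks run only when a DC host name is given, e.g. ./check.sh dc01.example.test
if [ "$#" -eq 1 ]; then
    unit_has_ldaps_env "$UNIT" && echo "unit file: variable set in [Service]"
    service_env_loaded         && echo "service: variable loaded"
    dc_ldaps_trusted "$1"      && echo "DC $1: certificate chain trusted"
fi
```

A missing line of output identifies the step to revisit: the unit file edit, the daemon reload, or the CA certificate import.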