
Re: LDAPS is it required for setting Passwords on AD ?

> We have an IDM 4.0.1 implementation where the Remote Loader is
> installed on a domain member Server (not on the DC)
>
> We would like to enable Password Reset from (IDM/UserApp)
>
> To secure the connection we must enable SSL on the Remote Loader
> (between IDM and R.L machine) first


If you run the RL on a member server it talks to AD over LDAP, and for
passwords to work you need SSL configured. This is a configuration
setting, as in the Configuration section on the driver side. Exactly
where it is depends on the version of the driver config.

It is near the Sign and Seal settings.


> - My question is about the connection between the R.L machine and the DC:
> are we required to enable LDAPS on the DC in order to flow passwords
> from IDM to the Active Directory DC?
>
> - Does the Active Directory Remote Loader use LDAP to perform operations on
> the DC? Or what mechanism is used?


Yes, sort of.



Re: LDAPS is it required for setting Passwords on AD ?

On 6/24/2012 6:26 AM, iammi wrote:
>
> Thanks geoffc
>
> I wish more details
>
> I understand what you said, but before starting the implementation design I
> want to know what is required and what is optional about enabling
> passwords regarding SSL configuration.
>
> There is a security detail in Active Directory about passwords: a
> given process can change an AD user password when it runs locally, but
> when a process runs from a remote location a secure connection is
> required for password operations.
>
> From my experience I have already enabled passwords from IDM to AD when
> the Remote Loader is on the AD DC (locally) without caring about SSL
> settings (in the DEV environment), so in this case SSL is optional (but
> strongly recommended).
>
> Now we are about to enable passwords like this (IDM ----> R.L machine
> ---> AD DC), so R.L doesn't run locally on the DC.
>
> So geoffc, could you approve the statements below, or correct me if I
> am wrong?
>
> - The Active Directory Remote Loader uses LDAP to perform operations on
> Active Directory.
> - For password operations (from R.L to AD DC) LDAPS is required on
> Active Directory when R.L runs from a remote box, unless password
> operations fail.



Looks good.




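The thread settles on two facts: the remote driver talks LDAP to the DC, and a password set from a remote box only works over an encrypted channel. Below is an added example (not from the thread, not NetIQ/Micro Focus driver code) that lets an administrator check both prerequisites before deploying the Remote Loader on a member server. It uses only the Python standard library; the `unicodePwd` encoding (new password in double quotes, UTF-16LE) is the format Microsoft documents for that attribute, and the host name, port and CA bundle path are assumptions to be replaced with your own.

```python
import socket
import ssl
from typing import Optional, Tuple

# AD refuses a plain-LDAP write to unicodePwd; the value must travel over
# TLS and be encoded as the quoted password in UTF-16LE.
def encode_unicode_pwd(password: str) -> bytes:
    """Return the byte value AD expects for a unicodePwd replace/add."""
    return f'"{password}"'.encode("utf-16-le")


def ldaps_available(host: str, port: int = 636, timeout: float = 3.0,
                    cafile: Optional[str] = None) -> Tuple[bool, str]:
    """Try a TLS handshake against host:port (the DC's LDAPS listener).

    Returns (True, negotiated protocol) when the handshake succeeds, or
    (False, reason) when the port is closed, unreachable, or the DC's
    certificate does not chain to the CA in `cafile` (or the system store).
    The certificate is verified on purpose: the Remote Loader box must
    trust the DC's certificate as well, so an untrusted issuer is a real
    deployment problem, not noise.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version() or "TLS"
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate not trusted: {exc.verify_message}"
    except (OSError, ssl.SSLError) as exc:
        return False, f"no LDAPS on {host}:{port}: {exc}"


def password_sync_prerequisites(remote_loader_on_dc: bool, host: str,
                                port: int = 636,
                                cafile: Optional[str] = None) -> Tuple[bool, str]:
    """Decide whether password flow from the driver to AD can work.

    Running the Remote Loader on the DC itself is the local case the
    thread describes, where the password write does not leave the box;
    anywhere else the DC must offer a trusted LDAPS endpoint.
    """
    if remote_loader_on_dc:
        return True, "Remote Loader on the DC: password set stays local"
    ok, detail = ldaps_available(host, port, cafile=cafile)
    if ok:
        return True, f"LDAPS reachable on {host}:{port} ({detail})"
    return False, detail


if __name__ == "__main__":
    # Assumed names: replace with the DC's FQDN (must match its certificate)
    # and the CA bundle that issued the DC's certificate.
    ok, detail = password_sync_prerequisites(False, "dc01.example.test",
                                             cafile="/etc/ssl/certs/corp-ca.pem")
    print("OK" if ok else "FAIL", "-", detail)
```

Run it from the machine that will host the Remote Loader, not from the DC, since the question is whether that hop is encrypted and trusted; a `certificate not trusted` result means the driver will fail the same way once the password filter starts sending changes, so fix the trust chain before enabling the password options near the Sign and Seal settings.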