LDAP Admin: Frequently Asked Questions (FAQ)
Q: Can I use TLS with LdapAdmin?
A: Yes, as of v1.3 LdapAdmin supports TLS.
Q: I receive the error message 'Server down' when I try to connect to the LDAP server using Secure Sockets Layer (SSL). Connecting over the standard LDAP port 389 succeeds!
A: LdapAdmin doesn't control SSL settings itself but uses the Windows API to connect to SSL-secured servers. If the Windows settings are not correct, the SSL session will fail. You should check the following:
- Make sure that the port is the one on which the LDAP SSL server listens (usually 636).
- Make sure that you have imported the certificate of the CA which issued the server's SSL certificate into the Windows certificate store. When you look at the content of the Windows certificate store, you should see the certificate of the CA listed there. If it is not listed, then you don't have the issuer CA certificate and the SSL connection fails because the server certificate cannot be verified.
- In the connection property window of LdapAdmin, use the DNS name for which the server certificate was issued. Normally, this would be the server FQDN (e.g. ldapserver.mydomain.com, and not the IP address or an abbreviated name).
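The three checks above can be run as one diagnostic. This is an added PowerShell example, not part of LDAP Admin; the server name is a placeholder, and it assumes .NET's SslStream, which on Windows validates the server certificate against the Windows certificate store.

```powershell
# Added diagnostic example (not part of LDAP Admin). Defaults are placeholders.
param(
    [string]$Server = 'ldapserver.mydomain.com',  # FQDN the certificate was issued for
    [int]$Port = 636                              # usual LDAP SSL port
)

$tcp = [System.Net.Sockets.TcpClient]::new()
try {
    $tcp.Connect($Server, $Port)                  # check 1: is the SSL port reachable?
} catch {
    Write-Output "Port check failed: cannot connect to ${Server}:${Port}"
    $tcp.Dispose()
    return
}

# Record what Windows reports during certificate validation. Validation stays
# strict: the callback accepts the certificate only when there are no errors.
$state = @{ Errors = $null; Chain = @(); Top = $null }
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors)
    $state.Errors = $errors
    if ($chain -and $chain.ChainElements.Count -gt 0) {
        $state.Chain = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $state.Top = "$($top.Subject) [thumbprint $($top.Thumbprint)]"
    }
    return ($errors -eq [System.Net.Security.SslPolicyErrors]::None)
}

$ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
try {
    $ssl.AuthenticateAsClient($Server)            # validates chain and name against $Server
    Write-Output "OK: the certificate for $Server is trusted and the name matches."
} catch {
    $e = [System.Net.Security.SslPolicyErrors]
    if ($null -eq $state.Errors) {
        Write-Output "TLS handshake failed before validation: $($_.Exception.Message)"
    }
    if ($state.Errors -band $e::RemoteCertificateChainErrors) {   # check 2: issuer CA
        Write-Output "Chain not trusted ($($state.Chain -join ', ')): import the issuer CA certificate."
    }
    if ($state.Errors -band $e::RemoteCertificateNameMismatch) {  # check 3: DNS name
        Write-Output "Name mismatch: the certificate was not issued for '$Server'."
    }
} finally {
    if ($state.Top) { Write-Output "Topmost chain certificate: $($state.Top)" }
    $ssl.Dispose(); $tcp.Dispose()
}
```

The thumbprint printed for the topmost chain certificate can be compared with the value obtained from the CA's administrator before that certificate is imported into the trusted store.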
Q: How do I install a certificate? There is no such option in LdapAdmin.
A: You need to install the certificate into the Windows certificate store. There is more than one way to do this:
- If you have a PKCS #12, PKCS #7, or binary-encoded X.509 certificate file, then you can use the Certificate Import Wizard to import the certificate. To access the wizard, just double-click the certificate file.
- If the wizard doesn't start, then you may try to access it using Internet Explorer.
  Start Internet Explorer and from IE's Tools menu choose Internet Options, then select the Content tab.
  Click the Certificates button, then click the Trusted Root Certification Authorities tab.
  Click the Import button to start the Certificate Import Wizard.
- If you don't have a certificate file, then you can still install the certificate using Internet Explorer.
  Start Internet Explorer and open https://ldapserver:636 where ldapserver stands for the DNS name of your LDAP server.
  Internet Explorer presents a dialog warning you that the certificate could not be verified.
  Choose to view the certificate and change to the Certification path tab.
  Select the CA certificate and click the View certificate button.
  Now click the Install certificate button to install the CA certificate.
Q: When new users are created, is it guaranteed that the generated uidNumber won't conflict with others throughout the directory structure?
A: Yes, the uidNumber is checked for collisions. However, with the option to generate sequential numbers, it is only guaranteed that the uidNumber is unique within the given limit values. With the default option (random number within the given limit values), the uidNumber is always unique throughout the directory tree as defined by the base setting of the given connection.