This document describes how to configure the Lightweight Directory
Access Protocol (LDAP) over SSL on the Clean Access Manager (CAM).
This configuration is applicable to the CAM version 3.5 and
The information in this document is based on the Clean Access Manager
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
Refer to the
Technical Tips Conventions for more information on document
In this section, you are presented with the information to configure
the features described in this document.
Note: Use the
Command Lookup Tool
(registered customers only)
in order to obtain more
information on the commands used in this section.
Complete these steps:
Obtain the root certificate of the untrusted CA which has issued
the certificate to the Domain Controller and place it on your desktop.
Choose Administrator > CAM > SSL
certificate, and then browse and upload the Root CA certificate as
Trust Non-Standard CA .
Click Verify and install the Root CA
Configure the LDAP server on the CAM.
Choose User Management > Auth Servers and
Choose LDAP as the Authentication type.
Choose ldaps://ip.address:636 as the Server
Choose SSL as the Security
Choose Handle (Follow)! as the Referral. This
option is set for the Partition Domain Environment, for example, Root and Child
Admin privilege user and password is required to successfully
bind the CAM (ldap client) to the LDAP server.
Obtain the certificate on the Domain Controller
When you request a certificate for DC, make sure to put the CN as
Active Directory fully qualified domain name. LDAPS certificate is located in
the personal certificate store of the local computer. Refer to
How to enable LDAP over SSL
with a third-party certification authority for more information.
Configure the Domain Controller for SSL.
On your DC, choose Start > All Programs >
Administrative Tools > Active Directory Users and Computer.
In the Active Directory Users and Computers window, right-click
on your domain name and choose Properties.
In the Domain Properties dialog box, choose the Group
Choose the Default Domain Policy group policy
and then click Edit.
Choose Computer Configuration > Windows
Choose Security Settings and then choose
Public Key Policies.
Choose Automatic Certificate Request Settings.
Use the wizard in order to add a policy for Domain Controllers as
in this example:
Verify the Domain Controller for LDAP over SSL.
On your DC, choose Start > Run and type
ldp.exe. From the Connection Menu, click
Connect and fill in the values for the server and port. This
verifies that the LDAP over SSL is configured correctly on DC.
Choose User Management > Auth Servers > AUTH Test
tab in order to verify the CAM LDAPS
There is currently no verification procedure available for this
There is currently no specific troubleshooting information available
for this configuration.