1 Copper

LDAPS configuration on PS6610 failed to connect

Hi,
With the new recommendation from Microsoft, I'm trying to configure LDAPS on my device and the connection is failing: "PS Series Group failed to connect to Active Directory Server". Regular LDAP on port 389 works fine without any issues, but 636 is not connecting at all. I'm on firmware ver. 10.0.3 and it's still failing to connect.
Is anyone else having the same issue, or has anyone resolved this?
Thanks,

0 Kudos
1 Reply
4 Beryllium

Re: LDAPS configuration on PS6610 failed to connect

Hello, 

There won't be a change in firmware to support this change. However, you might try this workaround.

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

As per the Microsoft advisory and the other links, which were also highlighted by you, it says that the default configuration of using unsigned LDAP on port 389 will be blocked. To overcome this, we can either use LDAPS over port 636 or StartTLS on port 389, but it still requires that we add a certificate to your domain controllers.

The default port for LDAP over SSL is 636. The use of LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was never standardized in any formal specification. This usage has been deprecated along with LDAPv2, which was officially retired in 2003, and in EQL also, SSL is no longer supported.

So, our recommendation is to use port 389 with TLS (EQL supports StartTLS over port 389 on TLS v1.2), which is a secured communication.

Regards, 

Don 

 

0 Kudos