Using AD LDS over SSL


Problem description

I need to configure AD LDS over SSL. I have been trying every article for two days; this one, http://erlend.oftedal.no/blog/?blogid=7, seems reasonable, but I got stuck at giving read permission to the AD LDS instance for the certificate.

This is the official article, and the first step of it is really vague; I don't know what to do: https://msdn.microsoft.com/en-us/library/cc725767(v=ws.10).aspx#BKMK_1

I am using Windows Server 2012 R2.

Recommended answer

I did it by configuring an Enterprise CA first and then using the guidance on this page

http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx#Reasons

in the following order:

  1. Publishing a Certificate that Supports Server Authentication

Point 5 of this step is:

"5. On the Duplicate Template dialog box, leave the default selected Windows Server 2003 Enterprise selected and then click OK."

Carefully select your relevant OS. The tutorial says to leave it at the default, but I was using Windows Server 2012 R2, so I chose the one I was using. Choose your relevant OS.

Exporting the LDAPS Certificate and Importing for use with AD DS

Why should I need an ADLDS connection over SSL?

Because I want the user to change his/her ADLDS password, and a non-SSL connection using PrincipalContext was not allowing me to do this. So now I am using the following code, and it's working like a charm.

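using System.DirectoryServices.AccountManagement;

// Bind to the AD LDS partition with a simple bind protected by SSL.
using (PrincipalContext pc = new PrincipalContext(
    ContextType.ApplicationDirectory,
    "YourServerUrl:YourSSLPort",
    "CN=YourPartitionName,DC=partition,DC=com",
    ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer,
    "FullDistinguishedNameOfUser",
    "PasswordOfUser"))
{
    // Check the user's credentials over the same SSL-protected simple bind.
    bool IsUserValidated = pc.ValidateCredentials(
        "FullDistinguishedNameOfUser",
        "PasswordOfUser",
        ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer);

    if (IsUserValidated)
    {
        // FindByIdentity takes the context and the identity value, not a password.
        UserPrincipal up = UserPrincipal.FindByIdentity(
            pc,
            IdentityType.DistinguishedName,
            "FullDistinguishedNameOfUser");

        up.ChangePassword("UserOldPassword", "UserNewPassword");
    }
}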
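
An added example, not part of the original answer: a small C# check that connects to the AD LDS SSL port and reports whether the certificate it presents validates against this client's trust store and carries the Server Authentication EKU that the first step above is about. The class name `LdapsCertCheck` and the host and port command-line arguments are assumptions of this example.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
static class LdapsCertCheck
{
    // OID of the Server Authentication enhanced key usage.
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1";
    // True only if the certificate has an EKU extension listing Server Authentication.
    public static bool HasServerAuthEku(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
        {
            var eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            foreach (Oid oid in eku.EnhancedKeyUsages)
                if (oid.Value == ServerAuthOid) return true;
        }
        return false;
    }

    static void Main(string[] args)
    {
        // Assumed inputs: args[0] = AD LDS host name, args[1] = its SSL port.
        string host = args[0];
        int port = int.Parse(args[1]);
        X509Certificate2 seen = null;
        SslPolicyErrors policy = SslPolicyErrors.None;
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false, (s, cert, chain, errors) =>
        {
            // Record what the server presented, then apply normal validation.
            if (cert != null) seen = new X509Certificate2(cert);
            policy = errors;
            return errors == SslPolicyErrors.None;
        }))
        {
            try { ssl.AuthenticateAsClient(host); }
            catch (AuthenticationException e) { Console.WriteLine("Handshake rejected: " + e.Message); }
        }

        if (seen == null) { Console.WriteLine("No certificate presented."); return; }
        Console.WriteLine("Subject: {0}  Expires: {1:u}", seen.Subject, seen.NotAfter);
        Console.WriteLine("Chain/name errors: {0}", policy);
        Console.WriteLine("Server Authentication EKU: {0}", HasServerAuthEku(seen));
    }
}
```

A result other than `None` for the chain/name errors means this client does not trust the issuing CA or the host name does not match the certificate, which would also make the `ContextOptions.SecureSocketLayer` bind fail.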
