The connection settings in ADManager Plus allow you to specify the desired protocol (HTTP/HTTPS) for communication between the ADManager Plus web client and the server. HTTP is the default mode for communication. You can also specify the TLS version and ciphers that you wish to use here. Furthermore, if needed, you can choose to enable LDAPS for communication between the product and Active Directory (AD), and TLS.
To understand how LDAPS (LDAP over SSL) works in ADManager Plus, it helps to know the terminology first. The following section breaks down the key terms involved in enabling LDAPS in ADManager Plus.
LDAP: Lightweight Directory Access Protocol (LDAP) is a protocol commonly used to access and manage information directories. For your Active Directory to function properly, LDAP serves as a protocol to query, maintain, and authenticate access. ADManager Plus supports an extensive list of LDAP attributes that are listed in this table.
LDAP over SSL (LDAPS): In Active Directory, LDAP traffic between client and server is not encrypted by default. You can change this and employ LDAP over SSL (LDAPS) to secure information exchange between LDAP clients and LDAP servers.
For further information on why you should consider enabling LDAPS and how to configure LDAPS in Active Directory, refer to this Microsoft article.
In ADManager Plus, you have the option of enabling LDAP SSL to secure communication with the Active Directory. Ensure that LDAP SSL has been enabled in your AD instance before enabling LDAP SSL in ADManager Plus.
When this option is enabled, ADManager Plus will try to establish an LDAP SSL connection with Active Directory to perform the desired operations from the product. If the LDAP SSL connection is unsuccessful, ADManager Plus will fall back to a plain LDAP connection with AD and then proceed to execute the operations, so those operations run without SSL protection.
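One way to confirm that a domain controller accepts LDAPS before enabling the option, so that a failed handshake is noticed instead of being absorbed by the LDAP fallback. This is an added example, not part of ADManager Plus or its documentation; the host name `dc01.example.test`, the accepted TLS set, and the 30-day certificate threshold are assumptions to adjust for your environment.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

LDAPS_PORT = 636                       # standard LDAP-over-SSL port on a domain controller
ACCEPTED_TLS = {"TLSv1.2", "TLSv1.3"}  # assumption: local policy, not a product setting


def probe_ldaps(host, port=LDAPS_PORT, cafile=None, timeout=5.0):
    """Attempt a verified TLS handshake with the DC and report what was negotiated."""
    ctx = ssl.create_default_context(cafile=cafile)  # checks chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                expiry = ssl.cert_time_to_seconds(tls.getpeercert()["notAfter"])
                return {"ok": True, "tls": tls.version(), "cipher": tls.cipher()[0],
                        "not_after": datetime.fromtimestamp(expiry, timezone.utc)}
    except OSError as exc:  # covers DNS, refused/timeout, and ssl.SSLError
        return {"ok": False, "error": f"{type(exc).__name__}: {exc}"}


def assess(result, now=None, min_days=30):
    """Turn a probe result into findings; an empty list means LDAPS is usable."""
    if not result["ok"]:
        return ["LDAPS handshake failed (" + result["error"] + "); "
                "ADManager Plus would fall back to plain LDAP"]
    findings = []
    if result["tls"] not in ACCEPTED_TLS:
        findings.append(f"negotiated {result['tls']}, outside the accepted set")
    now = now or datetime.now(timezone.utc)
    days_left = (result["not_after"] - now).days
    if days_left < min_days:
        findings.append(f"DC certificate expires in {days_left} days")
    return findings


if __name__ == "__main__":
    # Usage: script.py <dc-fqdn> [path-to-internal-CA.pem]
    host = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.test"  # placeholder
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    res = probe_ldaps(host, cafile=cafile)
    print(res)
    for finding in assess(res) or ["LDAPS ready: no findings"]:
        print("-", finding)
```

If the DC certificate was issued by an internal CA, pass that CA's PEM file as the second argument; otherwise the verified handshake fails and is reported as a finding.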
LDAP signing is a security feature used to ensure the integrity and authenticity of communication between an LDAP client (such as ADManager Plus) and an LDAP server (such as Active Directory). ADManager Plus supports LDAP signing to help prevent tampering with the data transmitted between the client and the server.
When LDAP signing is enabled, every LDAP operation like user authentication, querying, and more requires the data to be signed. This means that each message exchanged between the client and server has a digital signature that verifies that the message hasn't been altered in transit. If the message has been modified in any way, the signature would not match, and the request would be rejected.
Enabling LDAP signing ensures that the data exchanged is genuine, secure, and hasn't been tampered with, adding an extra layer of security to your directory services.
For further information on why you should consider enabling LDAP signing and how to configure LDAP signing in Active Directory, refer to this Microsoft article.