0 votes

Hello,

When running netstat on our Adaxes server, I can see several connections from the local server to our domain controllers using LDAP / port 389. Our company policy is to use LDAPS / port 636 when communicating with Active Directory.

How can I configure Adaxes to only use LDAPS?

Thank you for your help!
HarryNew

by (270 points)

1 Answer

0 votes
by (272k points)
Best answer

Hello Harry,

There is no possibility to configure Adaxes to use only LDAPS. However, it is possible to enable Kerberos encryption between Adaxes and your domain controllers (DCs). To do so:

  1. Navigate to the folder where Adaxes service is installed. By default, the folder is C:\Program Files\Softerra\Adaxes 3\Service\.

  2. Open the Softerra.Adaxes.Service.exe.Config file with a text editor.

  3. Locate the XML element configuration\softerra.adaxes\ldap\encryptTraffic.

  4. Change the value in the element to true.

     <configuration>
         ...
         <softerra.adaxes>
             ...
             <!-- LDAP section -->
             <ldap …>
                 <encryptTraffic>true</encryptTraffic>
                 ...

  5. Save the file.

  6. Restart Softerra Adaxes Service.

0

Hello,

thank you very much for your answer!

Could you please give me some more information about how this encryption works? We have configured the encryption setting in our test system but I still only see ldap-connections in netstat (....remote address <DC-Name>:ldap). Is there a way (aside from Wireshark) to prove that encryption is in place? What type of encryption is used and between which systems? And is ALL ldap-traffic encrypted when this setting is in use? We will need to report the functionality to IT security.

Thank you for your help!

HarryNew

0

Hello Harry,

> We have configured the encryption setting in our test system but I still only see ldap-connections in netstat (....remote address <DC-Name>:ldap).

As mentioned in our previous post, the option does not enable LDAPS (port 636). Adaxes will keep using LDAP (port 389), but the requests will be encrypted.

> Is there a way (aside from Wireshark) to prove that encryption is in place?

You can try using Windows Network Monitor. When the option is disabled, you will be able to see and read the requests. When the option is enabled, you will see encrypted requests that are not human readable.

> What type of encryption is used and between which systems?

The option enables Kerberos encryption between Adaxes and your domain controllers (DCs).

> And is ALL ldap-traffic encrypted, when this setting is in use?

All requests made by users with the help of Adaxes client applications (Adaxes Administration Console and Web Interface) will be encrypted. However, some requests will not be encrypted (e.g. modifying service connection points).
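One way to check captured port-389 payloads for the readable versus encrypted difference described above, as an added example that is not part of the original thread or of Adaxes itself. It assumes the Kerberos encryption appears on the wire as a SASL security layer carrying RFC 4121 GSS-API wrap tokens; the function names and sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

def classify_ldap_payload(payload: bytes) -> str:
    """Classify the start of a TCP payload captured on port 389."""
    # Cleartext LDAPMessage: BER SEQUENCE (0x30), length, INTEGER messageID (0x02).
    if len(payload) >= 3 and payload[0] == 0x30:
        idx = 2
        if payload[1] & 0x80:              # long-form BER length
            idx += payload[1] & 0x7F
        if len(payload) > idx and payload[idx] == 0x02:
            return "cleartext"
    # SASL security layer (RFC 4422): 4-byte big-endian length, then the buffer.
    if len(payload) < 8:
        return "unknown"
    (sasl_len,) = struct.unpack(">I", payload[:4])
    if not 0 < sasl_len <= 0xFFFFFF:
        return "unknown"
    token = payload[4:]
    # RFC 4121 Wrap token: TOK_ID 05 04, Flags, Filler 0xFF.
    if token[:2] == b"\x05\x04" and token[3] == 0xFF:
        sealed = token[2] & 0x02           # "Sealed" flag = confidentiality
        return "sasl-sealed" if sealed else "sasl-signed-only"
    return "sasl-other"                    # e.g. an older RFC 1964 style token

def summarize(payloads) -> Counter:
    """Count classifications so unencrypted requests stand out in a report."""
    return Counter(classify_ldap_payload(p) for p in payloads)

# Constructed samples (not real captures).
CLEARTEXT_BIND = bytes.fromhex("300c020101600702010304008000")

def _wrap(flags: int, body: bytes) -> bytes:
    # Wrap header: TOK_ID, Flags, Filler, EC, RRC, 64-bit sequence number.
    token = bytes([0x05, 0x04, flags, 0xFF]) + bytes.fromhex("0000001c")
    token += (1).to_bytes(8, "big") + body
    return struct.pack(">I", len(token)) + token

SEALED = _wrap(0x06, bytes(range(32)))       # Sealed + AcceptorSubkey
SIGNED_ONLY = _wrap(0x04, CLEARTEXT_BIND)    # integrity only, body readable

if __name__ == "__main__":
    for name, count in summarize([CLEARTEXT_BIND, SEALED, SIGNED_ONLY]).items():
        print(f"{name}: {count}")
```

A non-zero "cleartext" or "sasl-signed-only" count after the setting is enabled identifies requests that are still readable on the wire.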
