Encrypt traffic between Adaxes and Active Directory

To communicate with Active Directory, Adaxes service uses the LDAP protocol. By default, encrypted LDAPS connections are established only before performing security-sensitive operations, like changing passwords. The rest of the LDAP traffic is not encrypted. You can encrypt all the traffic between Adaxes service and Active Directory using SSL or Kerberos.

SSL

When SSL encryption is enabled, Adaxes will always establish encrypted LDAPS connections before performing any operation in a specific managed domain. To enable the encryption:

  1. Launch Adaxes Administration console.
  2. In the Console Tree, expand the Adaxes service node (the icon represents service nodes).
  3. Expand Active Directory.
  4. Right-click the domain you need and then click Properties in the context menu.
  5. Activate the SSL Usage tab.
  6. Select Always.

Kerberos

When Kerberos encryption is enabled, all the traffic for all managed domains will be encrypted. To enable the encryption:

  1. Navigate to the folder where Adaxes service is installed. By default, the folder is C:\Program Files\Softerra\Adaxes 3\Service.

  2. Open the Softerra.Adaxes.Service.exe.config file with a text editor.

  3. Locate the configuration\softerra.adaxes\ldap\encryptTraffic XML element.

  4. Set the value of the element to TRUE.

    <configuration>
        ...
        <softerra.adaxes>
            ...
            <ldap>
                <encryptTraffic>true</encryptTraffic>
    
  5. Save the file.

  6. Restart the Adaxes service.

Note

To enable Kerberos encryption in a multi-server environment, the changes should be made for all Adaxes services.