Configure the LDAP connection to Active Directory.

Enable LDAPS

Select Yes to use LDAPS (secure LDAP) for all connections to Active Directory; select No to use LDAP for connections to Active Directory.

Mandatory: No. This setting defaults to No.

CA Certificates File Format (P12 or PEM)

The format of the file containing the CA certificate chain for the Active Directory server certificate. Select:

  • P12 if the file is a P12 truststore.
  • PEM if the file is a PEM-formatted file.

Mandatory: When Enable LDAPS is Yes.

WSTEP LDAPS Trusted CA Certificates File (PEM)

A PEM-formatted file that contains the CA certificate chain for Active Directory's server certificate.

Mandatory: When CA Certificates File Format (P12 or PEM) is PEM.

WSTEP LDAPS Truststore File (P12)

An LDAPS Truststore file (P12 file) that contains the CA certificate chain for Active Directory's server certificate.

Mandatory: When CA Certificates File Format (P12 or PEM) is P12.

LDAPS Truststore Password

The password of the LDAPS Truststore file for LDAPS authentication to Active Directory.

Mandatory: When CA Certificates File Format (P12 or PEM) is P12.

LDAP Port

The LDAP or LDAPS port to connect to Active Directory.

Mandatory: No. This setting defaults to port 389 (LDAP) or 636 (LDAPS).

Global Catalog Port

The port for connecting with the global catalog in Active Directory.

Mandatory: No. This setting defaults to port 3268 (LDAP) or 3269 (LDAPS).

LDAP Connect Timeout

The number of milliseconds Certificate Enrollment Gateway will wait for Active Directory to establish a connection before aborting the connection attempt.

Mandatory: No. This setting defaults to 30000 (30 seconds).

LDAP Read Timeout

The number of milliseconds Certificate Enrollment Gateway will wait for Active Directory to respond to an LDAP request before aborting the read attempt.

Mandatory: No. This setting defaults to 30000 (30 seconds).

Username

The username for WSTEP to connect with the Active Directory domain. It can be the username of any Active Directory Domain user.

This domain user account must be a service logon account without any special permissions. This service account will be used for read-only access with LDAP and Global Catalog.

Mandatory: When Authentication Type for LDAP and Global Catalog Connections is Username/Password.

Password

The password for WSTEP to connect to Active Directory.

Mandatory: When Authentication Type for LDAP and Global Catalog Connections is Username/Password.
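
The conditional "Mandatory" rules and protocol-dependent defaults above can be checked before the settings are applied. The following Python sketch is an added example, not part of Certificate Enrollment Gateway: the function name `preflight`, the dictionary layout and the sample values are assumptions, and the port and timeout sanity checks are heuristics rather than product rules.

```python
# Added example: keys are the setting labels on this page; the dict layout is an assumption.
DEFAULT_PORTS = {False: (389, 3268), True: (636, 3269)}  # (LDAP Port, Global Catalog Port)
FMT = "CA Certificates File Format (P12 or PEM)"
AUTH = "Authentication Type for LDAP and Global Catalog Connections"


def preflight(settings):
    """Return (effective settings with defaults applied, list of problems)."""
    problems = []
    ldaps = settings.get("Enable LDAPS", "No") == "Yes"
    ldap_default, gc_default = DEFAULT_PORTS[ldaps]
    effective = {
        "Enable LDAPS": "Yes" if ldaps else "No",
        "LDAP Port": settings.get("LDAP Port", ldap_default),
        "Global Catalog Port": settings.get("Global Catalog Port", gc_default),
        "LDAP Connect Timeout": settings.get("LDAP Connect Timeout", 30000),
        "LDAP Read Timeout": settings.get("LDAP Read Timeout", 30000),
    }

    def require(name, reason):
        if not settings.get(name):
            problems.append(f"missing '{name}' (mandatory when {reason})")

    if ldaps:
        fmt = settings.get(FMT)
        if fmt == "PEM":
            require("WSTEP LDAPS Trusted CA Certificates File (PEM)", f"{FMT} is PEM")
        elif fmt == "P12":
            require("WSTEP LDAPS Truststore File (P12)", f"{FMT} is P12")
            require("LDAPS Truststore Password", f"{FMT} is P12")
        else:
            problems.append(f"missing '{FMT}' (mandatory when Enable LDAPS is Yes)")
    if settings.get(AUTH) == "Username/Password":
        require("Username", f"{AUTH} is Username/Password")
        require("Password", f"{AUTH} is Username/Password")

    # Heuristics, not product rules: flag a port left at the other protocol's default.
    for name, wrong in zip(("LDAP Port", "Global Catalog Port"), DEFAULT_PORTS[not ldaps]):
        if effective[name] == wrong:
            problems.append(f"'{name}' is {wrong}, the default for the other protocol")
    for name in ("LDAP Connect Timeout", "LDAP Read Timeout"):
        if not isinstance(effective[name], int) or effective[name] <= 0:
            problems.append(f"'{name}' must be a positive number of milliseconds")
    return effective, problems


# Constructed sample: LDAPS with a P12 truststore, no password, LDAP Port left at 389.
SAMPLE = {"Enable LDAPS": "Yes", FMT: "P12",
          "WSTEP LDAPS Truststore File (P12)": "truststore.p12", "LDAP Port": 389}
```

Calling `preflight(SAMPLE)` reports the missing truststore password and the LDAP Port still set to 389 while Enable LDAPS is Yes.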