
AD Authentication and SSL

Timothy_Shepler
Champ on-the-rise

If you are using the Active Directory Authentication security, will it communicate with AD that is using SSL?  I have a customer that is thinking of switching over from OnBase local security to Active Directory, but they have AD set up to use SSL (communicating with Global Catalog SSL Port 3269; they run multiple domains within AD).

Will the AD authentication security support this type of communication?


AdamShaneHyland
Employee

Hi Tim,

Thanks for the post.  I believe that the customer is using SSL over LDAP  to communicate with their Global Catalog server.  Here are two posts which I found from Microsoft which point to this type of communication:

Global Catalog Tools and Settings

How to enable LDAP over SSL with a third-party certification authority 


This is possible through the use of the LDAP authentication method (Config | Utils | Network Security | LDAP | Check the SSL check box).  Our QA department is testing the functionality to see if it will function natively with our Active Directory authentication methods.

Take care.

Timothy_Shepler
Champ on-the-rise

Using the LDAP option in Network Security and specifying the port number; won't that only work with a single domain and also use port 636 for communications?  From my understanding, you can use LDAPS (port 636) if using AD and a single domain, but if you are using multiple domains you need to access the Global Catalog via SSL (port 3269).

So for the example of the Global Catalog, can the LDAP option (in Network Security) work?

AdamShaneHyland
Employee

Hi Tim,

The LDAP option in OnBase Config is not "technically" domain specific, but more so server specific.  When configuring authentication through LDAP within OnBase, you would configure the individual servers, not the domains.  In the case that you have a domain with multiple DC/GC servers, you would configure each independently.

It potentially might be possible to configure the domain in the address, allowing the workstation to figure out which DC it should communicate with in order to authenticate users. This would then allow the workstation to determine which DC/GC it should connect to, allowing for redundancy in case of failed communication to the LOGONSERVER.  It all depends on where you are looking and how you would like to direct the authentication.

That being said, I did a quick test with a domain configured, not a specific server (ie Host: domain.com instead of 192.168.1.1) on a domain configured for LDAP over SSL which also accepted communication over port 3269 and it appeared to work as expected.  I did not monitor the traffic to see if it was connecting to the GC or one of the other DC's configured in this particular domain.  This does not constitute a statement from Hyland that it will work, but something that I tested quickly.  I would recommend reaching out to your first line of support to further investigate this request.

Take care.
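A practical way to repeat the quick test above in a controlled manner is to probe the endpoint yourself before ticking the SSL check box in Config: confirm the port is reachable, that the DC/GC presents a certificate the workstation trusts for the name you typed (a domain name such as domain.com only works if the DC's certificate SAN covers it), and read RootDSE to see whether the server that answered is actually a Global Catalog and which DC it was. The following PowerShell is an added example written for this thread, not OnBase or Hyland code; the names example.com and the ports are placeholders, and `isGlobalCatalogReady` / `dnsHostName` are standard AD RootDSE attributes.

```powershell
# Added example (not Hyland/OnBase code): probe a DC or GC for LDAP over SSL and
# report which server answered and whether it is a Global Catalog.
# Assumptions: 'example.com' is a placeholder; 636 = LDAPS on a DC, 3269 = GC over SSL.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)] [string] $Server,   # DC FQDN or the domain name (DNS round-robin picks a DC)
        [Parameter(Mandatory)] [int]    $Port      # 636 or 3269
    )

    $result = [ordered]@{
        Server = $Server; Port = $Port; TcpOpen = $false
        CertSubject = $null; CertValid = $false
        AnsweredBy = $null; IsGlobalCatalog = $null; Error = $null
    }

    # 1. Plain TCP reachability: rules out a firewall problem before blaming TLS or LDAP.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        $result.TcpOpen = $true
    } catch {
        $result.Error = "TCP connect failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    # 2. TLS handshake with default .NET validation (chain AND hostname against $Server).
    #    This is exactly what fails when a domain name is used but the cert only names the DC.
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.CertSubject = $cert.Subject
        $result.CertValid   = $ssl.IsAuthenticated -and ($cert.NotAfter -gt (Get-Date))
    } catch {
        $result.Error = "TLS handshake failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    } finally {
        $tcp.Close()
    }

    # 3. Anonymous RootDSE read over LDAPS. AD permits this without credentials;
    #    isGlobalCatalogReady distinguishes a GC (3269) from a plain DC (636),
    #    dnsHostName shows which DC actually answered when a domain name was given.
    $conn = $null
    try {
        $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
        $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
        $conn.SessionOptions.SecureSocketLayer = $true
        $conn.SessionOptions.ProtocolVersion   = 3
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
        $conn.Bind()
        $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
            '', '(objectClass=*)',
            [System.DirectoryServices.Protocols.SearchScope]::Base,
            @('dnsHostName', 'isGlobalCatalogReady'))
        $entry = $conn.SendRequest($req).Entries[0]
        $result.AnsweredBy      = [string]$entry.Attributes['dnsHostName'][0]
        $result.IsGlobalCatalog = ([string]$entry.Attributes['isGlobalCatalogReady'][0]) -eq 'TRUE'
    } catch {
        $result.Error = "LDAPS bind/RootDSE failed: $($_.Exception.Message)"
    } finally {
        if ($conn) { $conn.Dispose() }
    }
    [pscustomobject]$result
}

# Usage: compare the per-DC LDAPS port with the Global Catalog port for the same name.
Test-LdapsEndpoint -Server 'example.com' -Port 636  | Format-List
Test-LdapsEndpoint -Server 'example.com' -Port 3269 | Format-List
```

Run it from the workstation (or Application Server) that will perform the OnBase authentication, since that is the machine whose certificate store and DNS resolution matter. If `CertValid` is false with the domain name but true with a specific DC FQDN, the certificate does not cover the domain name and Config should point at the individual servers, as described above; `AnsweredBy` changing between runs confirms that a domain-name entry is being load-balanced across DCs.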


Timothy_Shepler
Champ on-the-rise

Thanks for your help, one other question.  Since the testing you performed works with the LDAP authentication option, can the same communication occur with the Active Directory option as well or, in my example, does the customer have to go the LDAP angle in order to use the SSL they need, i.e. port 3269?
