When configuring the SO10Web to Authenticate via Active Directory by using the <ActiveDirectoryCredentialPlugin> settings in Web.Config the system is using LDAP for communicating with AD. I got a question from the IT-department of a customer that is planning to upgrade from SuperOffice 8 to 10 (not migrating to Online yet because of some other legacy systems) - if this connection is done by LDAPS (that is with SSL).
What is required to force this authentication not to be done in "plain LDAP" but to use LDAPS? And is there a possibility to use "Signed LDAP" authentication? Are there any configuration possibilities for this in SuperOffice itself - or do SuperOffice rely on configurations done on the Windows Server that is running the IIS?
Allt Svar (1)
Hi Atle,
When you specify the ActiveDirectoryCredentialPlugin settings, these map to a PrincipalContext constructor, which accepts three things:
- ContextType (Always ContextType.Domain)
- Name of the domain
- Container
The name of the domain can be into form of a DNS address, with or without the protocol. Therefore, according the the docs, the following should be accepted:
subdomain.sample.comLDAP://subdomain.sample.comLDAPS://subdomain.sample.com:636
Example:
<ActiveDirectoryCredentialPlugin>
<add key="Domain" value="ldaps://example.com:636" />
<add key="Container" value="OU=,DC=,DC=" />
<add key="User" value="" />
<add key="Password" value="" />
</ActiveDirectoryCredentialPlugin>This should work. I would consider it a bug if it does not.