This article covers the Microsoft and Mimecast requirements to enable this. For your security, Mimecast recommends that On-Premises Active Directory (LDAP) integrations be secured using LDAPS.
Considerations
What are Microsoft's requirements to enable Secure LDAP?
- The SSL certificate that you use must be valid for Server Authentication.
- The Subject name or the first name that appears in the Subject Alternative Name (SAN) of the SSL certificate you use must match the Fully Qualified Domain Name (FQDN) of the host machine on which you will be installing the certificate.
What are the Mimecast requirements to use Secure LDAP?
- You must use a security certificate issued by a Mimecast trusted Certification Authority.
- The SSL certificate must have a key length of at least 1024 bits.
- Your firewall must accept connections from the Mimecast IP range and direct these connections to your Domain Controller.
Information on Mimecast trusted Certification Authorities are found in the Secure Socket Layers (SSL) Certificates article.
What if I want to use a Self-Signed Certificate?
While this is not recommended, Mimecast offers secure LDAP support using a Self-Signed certificate. See the Enabling LDAP Directory Synchronization for Active Directory page for details of how to do this.
What if the Key length of my certificate is less than 1024 bits?
While this is not recommended, Mimecast offers secure LDAP support using certificates with a key length of fewer than 1024 bits. Please get in touch with our support teams, which can enable this support on your behalf.
Walkthrough
See the "How to Enable LDAP Over SSL with a third-Party Certification Authority " article on the Microsoft Support site for complete guidance on how to set up your Domain Controller to accept Secure LDAP connections.
Next Steps
Once your Domain Controller has Secure LDAP enabled, you are ready to set up your Mimecast Directory Synchronization connection. See the Directory Synchronization page for guidance.
Comments
Please sign in to leave a comment.