How to Bind to a Membership Directory with ADSI Using SSL (236050)

The information in this article applies to:

  • Microsoft Site Server 3.0

This article was previously published under Q236050

SUMMARY

This article describes how to bind to a Site Server Membership Directory using the Active Directory Services Interface (ADSI) version 2.5 and the Secure Sockets Layer (SSL).

MORE INFORMATION

Getting an SSL bind to your membership directory involves several steps, each explained in the sections below:
  1. Attaching an SSL certificate to your Lightweight Directory Access Protocol (LDAP) service.
  2. Configuring your LDAP server SSL port.
  3. Testing SSL connectivity using a sample script.

Attaching an SSL Certificate to Your LDAP Service

The main requirement for providing SSL connectivity to your membership directory is that you have an SSL certificate bound to your LDAP service. To do this, follow these steps:
  1. Open the Site Server Microsoft Management Console.
  2. Double-click to expand the Personalization and Membership (P&M) object.
  3. Double-click to expand the server where you want the SSL certificate.
  4. Double-click to expand the desired membership instance.
  5. Right-click the LDAP object and click Properties.
  6. Click the Membership Directory Security tab.
  7. Under Secure Communications, click Edit.
  8. Click Key Manager and select LDAP.
NOTE: To continue the creation of the Key request, refer to the following article in the Microsoft Knowledge Base:

228991 How to Create and Install an SSL Certificate in IIS 4.0

To install the new certificate, follow these steps:
  1. From Key Manager, click to select the New Key object beneath LDAP.
  2. Click Install Key Certificate on the Key menu.
  3. Locate the downloaded certificate file from the previous steps and enter the password when prompted.
  4. Select Default for the IP assignment and click OK.
  5. Exit Key Manager and commit the changes when prompted.

Configuring Your LDAP Server SSL Port

To configure the port, follow these steps:
  1. From the Site Server Microsoft Management Console, right-click the desired LDAP instance and click Properties.
  2. On the General tab, set the SSL port to the desired port for SSL communication. This defaults to 636 plus the instance ID number.

    NOTE: If you are also using the Active User Object (AUO) interface, then you must either use port 636 or create a separate LDAP server. AUO will only use SSL to an LDAP server over port 636.
  3. Click OK.
  4. From a command prompt, restart the LDAP service by typing:

    net stop ldapsvc

    and then enter

    net start ldapsvc

Testing SSL Connectivity Using a Sample Script

To test the SSL connectivity after installing a certificate, save the following sample Visual Basic Script (VBScript) to a .vbs file and run it with cscript from a command prompt:

' Continue past run-time errors so the bind result can be inspected through the Err object.
On Error Resume Next

' ADSI authentication flag for OpenDSObject: ADS_USE_ENCRYPTION (2) requests SSL for the bind.
Const ADS_USE_ENCRYPTION = 2

Set oProvider = GetObject("LDAP:")
' Bind to the Members container on the SSL port using the membership directory administrator's credentials.
Set objMemContainer = oProvider.OpenDSObject("LDAP://<server>:<port>/o=<organization>/ou=Members", "cn=administrator,ou=members,o=<organization>", "<password>", ADS_USE_ENCRYPTION)
If Err.Number <> 0 Then
  WScript.Echo "error: " & Err.Number
  WScript.Echo "hex error: " & Hex(Err.Number)
  WScript.Echo "description: " & Err.Description
Else
  WScript.Echo "Successful OpenDSObject using SSL."
End If

NOTE: In this script, <server> is your LDAP server name, <port> is the SSL port specified in the Configuring Your LDAP Server SSL Port section above, <organization> is the membership directory name that you specified during its creation, and <password> is the administrator's password for the membership directory.
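The following script is an added example and is not part of the Knowledge Base article. It performs the same SSL bind as the sample above but reads the server, SSL port, organization and password from the command line (so the password is not stored in the script file), distinguishes the two most common bind failures (the standard Win32 codes ERROR_LOGON_FAILURE, 0x8007052E, and ERROR_DS_SERVER_DOWN, 0x8007203A) from other errors, and confirms the session is usable by enumerating a few child objects of ou=Members. The file name sslbind.vbs and the usage line are assumptions, not from the article.

```vbscript
' Added example (not from the article): SSL bind check for a Site Server Membership Directory.
Option Explicit

' ADSI authentication flag for OpenDSObject: ADS_USE_ENCRYPTION (2) requests SSL for the bind.
Const ADS_USE_ENCRYPTION = 2

' Bind to ou=Members over SSL. Returns the container object, or Nothing if the bind failed.
Function SslBind(server, port, organization, password)
    Dim provider, adsPath, userDN
    adsPath = "LDAP://" & server & ":" & port & "/o=" & organization & "/ou=Members"
    userDN  = "cn=administrator,ou=members,o=" & organization

    On Error Resume Next
    Set provider = GetObject("LDAP:")
    Set SslBind = provider.OpenDSObject(adsPath, userDN, password, ADS_USE_ENCRYPTION)
    If Err.Number <> 0 Then
        ReportBindError Err.Number, Err.Description
        Err.Clear
        Set SslBind = Nothing
    End If
    On Error GoTo 0
End Function

' Translate the two most common bind failures into an actionable hint; other errors are printed raw.
' The HRESULTs are the standard Win32 ERROR_LOGON_FAILURE and ERROR_DS_SERVER_DOWN codes.
Sub ReportBindError(number, description)
    WScript.Echo "OpenDSObject failed: 0x" & Hex(number) & " " & description
    Select Case UCase(Hex(number))
        Case "8007052E"
            WScript.Echo "  -> logon failure: check the administrator DN and password for the directory."
        Case "8007203A"
            WScript.Echo "  -> server not operational: check the SSL port, that ldapsvc is running," & _
                         " and that a certificate is installed for the LDAP service."
    End Select
End Sub

' Confirm the bound session works by enumerating child objects (stops after 'limit' objects).
Function CountChildren(container, limit)
    Dim child, n
    n = 0
    For Each child In container
        n = n + 1
        If n >= limit Then Exit For
    Next
    CountChildren = n
End Function

Dim args, container, server, port, organization, password
Set args = WScript.Arguments
If args.Count < 4 Then
    WScript.Echo "usage: cscript sslbind.vbs <server> <sslport> <organization> <password>"
    WScript.Quit 1
End If
server = args(0) : port = args(1) : organization = args(2) : password = args(3)

Set container = SslBind(server, port, organization, password)
If container Is Nothing Then
    WScript.Quit 2
End If

WScript.Echo "Successful OpenDSObject using SSL: " & container.ADsPath
WScript.Echo "Child objects found under ou=Members (up to 5): " & CountChildren(container, 5)
```

Run it as cscript sslbind.vbs <server> <port> <organization> <password>, using the same placeholder meanings as the note above. Passing the password as an argument keeps it out of the saved script, but it is still visible in the process's command line while the script runs, so run the check from an administrator's session rather than a shared or scheduled context. A non-zero exit code (1 for bad usage, 2 for a failed bind) makes the script usable from a batch file that checks ERRORLEVEL after the certificate or port has been changed.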


Modification Type: Major
Last Reviewed: 6/30/2006
Keywords:kbhowto KB236050