Microsoft KB Archive/236050

= How to Bind to a Membership Directory with ADSI Using SSL =

Article ID: 236050

Article Last Modified on 6/30/2006


APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition

This article was previously published under Q236050



SUMMARY
This article describes how to bind to a Site Server Membership Directory using the Active Directory Services Interface (ADSI) version 2.5 and the Secure Sockets Layer (SSL).



MORE INFORMATION
Getting an SSL bind to your membership directory involves three steps, each explained below:
 * 1) Attaching an SSL certificate to your Lightweight Directory Access Protocol (LDAP) service.
 * 2) Configuring your LDAP server SSL port.
 * 3) Testing SSL connectivity using a sample script.

Attaching an SSL Certificate to Your LDAP Service
The main requirement for providing SSL connectivity to your membership directory is that you have an SSL certificate bound to your LDAP service. To do this, follow these steps:
 * 1) Open the Site Server Microsoft Management Console.
 * 2) Double-click to expand the Personalization and Membership (P&M) object.
 * 3) Double-click to expand the server where you want the SSL certificate.
 * 4) Double-click to expand the desired membership instance.
 * 5) Right-click the LDAP object and click Properties.
 * 6) Click the Membership Directory Security tab.
 * 7) Under Secure Communications, click Edit.
 * 8) Click Key Manager and select LDAP.

NOTE: To continue the creation of the Key request, refer to the following article in the Microsoft Knowledge Base:

228991 How to Create and Install an SSL Certificate in IIS 4.0

To install the new certificate, follow these steps:
 * 1) From Key Manager, click to select the New Key object beneath LDAP.
 * 2) Click Install Key Certificate on the Key menu.
 * 3) Locate the downloaded certificate file from the previous steps and enter the password when prompted.
 * 4) Select Default for the IP assignment and click OK.
 * 5) Exit Key Manager and commit the changes when prompted.

Configuring Your LDAP Server SSL Port
To configure the port, follow these steps:
 * 1) From the Site Server Microsoft Management Console, right-click the desired LDAP instance and click Properties.
 * 2) On the General tab, set the SSL port to the desired port for SSL communication. This defaults to 636 plus the instance ID number.
 * 3) Click OK.

NOTE: If you are also using the Active User Object (AUO) interface, you must either use port 636 or create a separate LDAP server. AUO will only use SSL to an LDAP server over port 636.

Then restart the LDAP service by typing the following at a command prompt:

net stop ldapsvc

and then enter

net start ldapsvc

Testing SSL Connectivity Using a Sample Script
To test the SSL connectivity after installing a certificate, you can execute this sample Visual Basic Script (VBS) from a command prompt:

On Error Resume Next

' Replace <server>, <sslport>, <directory> and <password> with your own values (see the NOTE below).
Set oProvider = GetObject("LDAP:")
' The final argument, 2, is ADS_USE_SSL: it requests an SSL bind to the LDAP server.
Set objMemContainer = oProvider.OpenDSObject("LDAP://<server>:<sslport>/o=<directory>/ou=Members", "cn=administrator,ou=members,o=<directory>", "<password>", 2)
If Err.Number <> 0 Then
    WScript.Echo "error: " & Err.Number
    WScript.Echo "hex error: " & Hex(Err.Number)
    WScript.Echo "description: " & Err.Description
Else
    WScript.Echo "Successful OpenDSObject using SSL."
End If

NOTE: In this script, <server> is your LDAP server name, <sslport> is the SSL port specified in the Configuring Your LDAP Server SSL Port section above, <directory> is the membership directory name that you specified during its creation, and <password> is the administrator's password for the membership directory.
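As an added check that is not part of the KB article, the following PowerShell script (the server, instance ID and directory names are placeholders) first reports the certificate actually served on the LDAP SSL port and then performs the same SSL bind through .NET's DirectoryEntry, so a certificate problem can be told apart from a failed bind:

```powershell
# Added example, not from the KB article. Placeholder values: replace all three.
$Server     = "ldapserver.example.com"   # LDAP server name (placeholder)
$InstanceId = 1                           # membership instance ID (placeholder)
$Directory  = "MyDirectory"               # membership directory name (placeholder)
$Port       = 636 + $InstanceId           # default SSL port; AUO needs plain 636
$Cred       = Get-Credential "cn=administrator,ou=members,o=$Directory"

# 1. Inspect the certificate the LDAP service actually presents on the SSL port,
#    i.e. the one Key Manager attached. The handshake accepts any certificate
#    ({ $true }) so its details can be reported; Verify() then checks the chain.
$tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
try {
    $ssl.AuthenticateAsClient($Server)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    Write-Host ("Port {0}: {1}, expires {2}" -f $Port, $cert.Subject, $cert.NotAfter)
    if ($cert.Subject -notlike "*CN=$Server*") {
        Write-Warning "Certificate subject does not name $Server; clients will reject it."
    }
    if (-not $cert.Verify()) {
        Write-Warning "Certificate chain is not trusted on this machine."
    }
} finally {
    $ssl.Dispose()
    $tcp.Close()
}

# 2. Bind over SSL with ADSI. SecureSocketsLayer is the .NET name for the flag
#    value 2 (ADS_USE_SSL) that the VBScript passes to OpenDSObject.
$entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://${Server}:$Port/o=$Directory/ou=Members",
    $Cred.UserName,
    $Cred.GetNetworkCredential().Password,
    [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer)
try {
    $entry.RefreshCache()          # forces the bind; throws on failure
    Write-Host "Successful bind using SSL."
} catch {
    $ex = $_.Exception
    if ($ex.InnerException) { $ex = $ex.InnerException }
    Write-Host ("Bind failed: 0x{0:X8} {1}" -f $ex.HResult, $ex.Message)
}
```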

Keywords: kbhowto KB236050


© Microsoft Corporation. All rights reserved.