A common method of securing LDAP communication is to use an SSL tunnel. This is denoted in LDAP URLs by the URL scheme “ldaps”. The use of LDAP over SSL was common in LDAP Version 2 (LDAPv2), but it was never standardized in any formal specification. The usage of LDAPS has been deprecated, and LDAPv2 was officially retired in 2003. As a result, Sentinel Messaging does not support this communication method.
For organizations wishing to manage their users via the Sentinel Messaging Active Directory sync service, we recommend the following:
- Configure Active Directory to force inbound connections over TLS (StartTLS)
- Configure the firewall to only allow access to Active Directory from Sentinel Messaging IP ranges

- LDAPS/LDAPv2: http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
- StartTLS: https://en.wikipedia.org/wiki/LDAPS#StartTLS
- Sentinel Messaging Data Center IPs: IP Addresses