When you configure an Active Directory domain, you can choose to have App Volumes Manager communicate with it securely.

About this task

App Volumes Manager verifies the certificate presented by the Active Directory domain controllers when you register Active Directory with LDAPS or LDAP over TLS enabled. If the certificate is valid, App Volumes Manager connects to Active Directory securely. If the certificate is invalid, you get an error and cannot proceed further. If domain controllers have invalid certificates, users and computers from this domain cannot receive assigned AppStacks or Writable Volumes. In addition, access to the App Volumes Manager console is denied, locking out further login attempts. If App Volumes Manager denies access due to LDAP over TLS, see (document) to disable the security and regain access to the manager.

Prerequisites

  • Active Directory must be configured for LDAP over SSL (LDAPS) or StartTLS (LDAP over TLS).

  • Root certification authority (CA) certificates of the Active Directory domains. If the certificates are not in PEM (Base64 encoded) format, see the OpenSSL or similar documentation to convert the file to PEM format.

    Note:

    When you have multiple root certificates from different domains, you can combine all the PEM formatted certificates into a single file by copying the contents of each file one by one to a single .pem file.

  • In App Volumes Manager, domain controller host names that are specified in the domain controller hosts field must match the certificate host names.

Procedure

  1. Ensure the name of the PEM formatted certificate file is adCA.pem.
  2. On each App Volumes Manager server, copy the adCA.pem file to the /config directory where the App Volumes Manager is installed.

    The default installation location for App Volumes Manager is C:\Program Files (x86)\Cloud Volumes\Manager.

  3. Restart the App Volumes Manager servers.
  4. Using App Volumes Manager, configure the Active Directory Connection to use LDAP over SSL (LDAPS) or StartTLS (LDAP over TLS).
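
The certificate prerequisite and steps 1 and 2 can be scripted. The following PowerShell is an added example, not part of the product documentation: it converts each domain's root CA file (DER or PEM) to PEM, checks that it is a currently valid root, and writes the combined adCA.pem into the config directory. The input file names are hypothetical, and the Manager path is the default installation location given above.

```powershell
# Added example: build adCA.pem from per-domain root CA files (DER or PEM input).
# Input file names are hypothetical; ManagerDir is the default location from this page.
param(
    [string[]]$RootCaFiles = @('C:\certs\corp-root.cer', 'C:\certs\lab-root.cer'),
    [string]$ManagerDir = 'C:\Program Files (x86)\Cloud Volumes\Manager'
)
$ErrorActionPreference = 'Stop'
$bundle = New-Object System.Collections.Generic.List[string]
$now = Get-Date

foreach ($file in $RootCaFiles) {
    # X509Certificate2 reads a single certificate in DER or Base64 (PEM) encoding.
    $path = (Resolve-Path $file).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

    # A root CA certificate is self-issued: subject and issuer are the same name.
    if ($cert.Subject -ne $cert.Issuer) {
        throw "$file is not a root certificate (issuer: $($cert.Issuer))"
    }
    # A root outside its validity period makes every chain under it invalid.
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "$file is not currently valid ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    # Warn when the basic constraints extension does not mark the certificate as a CA.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    if (-not $bc -or -not $bc.CertificateAuthority) {
        Write-Warning "$file has no CA=true basic constraint"
    }

    # Re-encode as PEM with 64-character lines (RFC 7468).
    $b64 = [Convert]::ToBase64String($cert.RawData)
    $bundle.Add('-----BEGIN CERTIFICATE-----')
    ($b64 -split '(.{64})' | Where-Object { $_ }) | ForEach-Object { $bundle.Add($_) }
    $bundle.Add('-----END CERTIFICATE-----')
    Write-Host "Added $($cert.Subject) [$($cert.Thumbprint)], expires $($cert.NotAfter)"
}

# ASCII output avoids a byte-order mark in front of the first BEGIN line,
# which can break PEM parsers.
$target = Join-Path (Join-Path $ManagerDir 'config') 'adCA.pem'
Set-Content -Path $target -Value $bundle.ToArray() -Encoding Ascii
Write-Host "Wrote $($bundle.Count) lines to $target"
```

Run it on each App Volumes Manager server from an elevated prompt, then continue with steps 3 and 4.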