As an App Volumes administrator, you can choose to connect to Active Directory over a secure or insecure LDAP connection.
- Secure LDAP (LDAPS) - Connect to Active Directory over a dedicated LDAPS port. The default port number for LDAPS is 636. If you choose to validate the root certificate of the domain, you must have already downloaded the CA certificate. App Volumes uses this certificate to trust the connection.
- LDAP over TLS - Connect to Active Directory over TLS. The default port number is 636. If you choose to validate the root certificate of the domain, you must have already downloaded the CA certificate. App Volumes uses this certificate to trust the connection.
Note: You can use LDAP channel binding with secure LDAP connections: LDAPS and LDAP over TLS. When LDAP channel binding is enabled in Active Directory, this security feature enables and enforces checks for the presence of channel binding information during LDAP authentication performed for the secure LDAP connections. For information about LDAP channel binding and setting the registry key for this security feature, see the relevant Microsoft documentation.
- LDAP (insecure) - Connect to Active Directory over an insecure connection over plain LDAP. The default port number is 389.
The initial binding, however, occurs over GSS-SPNEGO.
Note: Currently, App Volumes Manager does not support LDAP Signing. To use LDAP (insecure), LDAP Signing must be disabled in Active Directory. To disable LDAP Signing, the LDAPServerIntegrity registry key value must be set to 1 in Active Directory. For information about setting the registry key, see the relevant Microsoft documentation.
The Disable certificate validation (insecure) checkbox enables you to connect securely to Active Directory over LDAPS or LDAP over TLS without validating a domain certificate. Depending on whether you are upgrading from an older version of App Volumes, and if you had connected securely to Active Directory in your earlier installation of App Volumes, or if you are performing a fresh installation, the Disable certificate validation (insecure) box may be checked or unchecked in the latest version of App Volumes.
Note: The Disable certificate validation (insecure) checkbox is visible only if you select LDAPS or LDAP over TLS.
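
A pre-flight check for the LDAPS option, as an added example that is not part of the App Volumes documentation: it connects to a domain controller on port 636 and reports whether the server certificate validates against the downloaded CA certificate, alongside the result with validation disabled. The host name, the CA file path (assumed to be PEM/Base-64 encoded) and the function names are assumptions; LDAP over TLS is not covered by this probe.

```python
import socket
import ssl


def build_context(ca_file=None, validate=True):
    """TLS context mirroring the two states of the certificate validation checkbox."""
    # With ca_file set, only that CA is trusted; the system store is not loaded.
    ctx = ssl.create_default_context(cafile=ca_file)
    if not validate:
        # Equivalent of "Disable certificate validation (insecure)":
        # traffic is encrypted, but the server's identity is not checked.
        ctx.check_hostname = False  # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_settings(ctx):
    """Summarise the validation settings of a context for logging."""
    return {"verify": ctx.verify_mode.name, "check_hostname": ctx.check_hostname}


def probe_ldaps(host, port=636, ca_file=None, validate=True, timeout=5.0):
    """Attempt a TLS handshake with an LDAPS endpoint and report the outcome."""
    result = {"ok": False, "validated": validate, "tls": None,
              "subject": None, "error": None}
    try:
        ctx = build_context(ca_file, validate)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # With validation disabled, getpeercert() returns an empty
                # dict, so the subject stays None.
                result.update(ok=True, tls=tls.version(),
                              subject=tls.getpeercert().get("subject"))
    except ssl.SSLCertVerificationError as exc:
        # Chain does not lead to the supplied CA, or the name does not match.
        result["error"] = "certificate rejected: " + exc.verify_message
    except OSError as exc:
        # Unreachable host, refused port, unreadable CA file, handshake failure.
        result["error"] = "probe failed: " + str(exc)
    return result


if __name__ == "__main__":
    # Placeholder host and CA path (assumptions); replace with your own values.
    for validate in (True, False):
        print(probe_ldaps("dc01.example.test", 636, "domain-root-ca.pem", validate))
```

If the validated probe fails while the unvalidated one succeeds, the downloaded CA certificate does not match the chain the domain controller presents, or the host name is not in the server certificate.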