action.skip

Using LDAP Directories

Lightweight Directory Access Protocol (LDAP) is a TCP/IP protocol for updating and searching directories.

When you add a directory in the Administrative Console, you can choose to add Generic LDAP. When you configure an LDAP provider in the console, user and group directory services are authenticated by an LDAP service provider.

There are performance implications to using LDAP. Because each request for services goes across the network to the LDAP server every time services are requested, your LDAP configuration should be optimally configured to respond quickly to requests from Administrative Console clients.

For complete information on the LDAP parameters required to use LDAP, please refer to your LDAP server documentation.

LDAPS

When possible, you should make secure LDAP connections over SSL or TLS (LDAPS). To enable LDAPS in the Adminstrative Console, add a valid certificate and check the Secure connection box.

The Administrative Console also supports secure connections using Channel binding and Signing without extra configuration on the client. To learn more about Channel binding and Signing, as well as how to enable them on your servers, check out this article from Microsoft.

Using Active directory

Active Directory is a Microsoft technology that provides network directory services. Active Directory uses objects, which are users, systems, and resources, and places them in a hierarchical framework. Since many organizations already have an Active Directory which contains user and group information, the management server can be configured to use the Active Directory as a source for authentication and authorization information.

If you choose Active Directory when you add a directory, then default schema information is provided. You can always edit this information.

More information