How to Bind to a Membership Directory with ADSI Using SSL
ID: Q236050
The information in this article applies to:
- Microsoft Site Server version 3.0
SUMMARY
This article describes how to bind to a Site Server Membership Directory using Active Directory Service Interfaces (ADSI) version 2.5 over the Secure Sockets Layer (SSL).
MORE INFORMATION
There are several steps involved in getting an SSL bind to your membership directory. Each of the following steps is explained below:
- Attaching an SSL certificate to your Lightweight Directory Access Protocol (LDAP) service.
- Configuring your LDAP server SSL port.
- Testing SSL connectivity using a sample script.
Attaching an SSL Certificate to Your LDAP Service
The main requirement for providing SSL connectivity to your membership directory is that you have an SSL certificate bound to your LDAP service. To do this, follow these steps:
- Open the Site Server Microsoft Management Console.
- Double-click to expand the Personalization and Membership (P&M) object.
- Double-click to expand the server where you want the SSL certificate.
- Double-click to expand the desired membership instance.
- Right-click the LDAP object and click Properties.
- Click the Membership Directory Security tab.
- Under Secure Communications, click Edit.
- Click Key Manager and select LDAP.
NOTE: To continue the creation of the Key request, refer to the following article in the Microsoft Knowledge Base:
Q228991 How to Create and Install an SSL Certificate in IIS 4.0
To install the new certificate, follow these steps:
- From Key Manager, click to select the New Key object beneath LDAP.
- Click Install Key Certificate on the Key menu.
- Locate the downloaded certificate file from the previous steps and enter the password when prompted.
- Select Default for the IP assignment and click OK.
- Exit Key Manager and commit the changes when prompted.
Configuring your LDAP Server SSL Port
To configure the port, follow these steps:
- From the Site Server Microsoft Management Console, right-click the desired LDAP instance and click Properties.
- On the General tab, set the SSL port to the desired port for SSL communication. This defaults to 636 plus the instance ID number.
NOTE: If you are also using the Active User Object (AUO) interface, then you must either use port 636 or create a separate LDAP server. AUO will only use SSL to an LDAP server over port 636.
- Click OK.
- Restart the LDAP service by typing the following at a command prompt:
net stop ldapsvc
and then enter
net start ldapsvc
Testing SSL Connectivity Using a Sample Script
To test the SSL connectivity after installing a certificate, save the following sample VBScript to a .vbs file and run it from a command prompt (for example, with cscript):
' Continue after a failed bind so the error code can be reported.
On Error Resume Next
' Obtain the ADSI LDAP provider object.
Set oProvider = GetObject("LDAP:")
' Bind to the Members container over the SSL port. The final argument, 2, is the ADSI
' authentication flag ADS_USE_ENCRYPTION (also named ADS_USE_SSL), which requests SSL.
Set objMemContainer = oProvider.OpenDSObject("LDAP://<server>:<port>/o=<organization>/ou=Members", "cn=administrator,ou=members,o=<organization>", "<password>", 2)
If Err.Number <> 0 Then
    WScript.Echo "error: " & Err.Number
    WScript.Echo "hex error: " & Hex(Err.Number)
    WScript.Echo "description: " & Err.Description
Else
    WScript.Echo "Successful OpenDSObject using SSL."
End If
NOTE: In this script, <server> is your LDAP server name, <port> is the SSL port specified in the Configuring Your LDAP Server SSL Port section above, <organization> is the membership directory name that you specified during its creation, and <password> is the administrator's password for the membership directory.
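The following added example is not part of the original article; it extends the test above into a reusable check. It takes the server, SSL port, organization and password as command-line arguments instead of editing placeholders, names the authentication flag with the ADSI constant ADS_USE_ENCRYPTION (value 2) rather than a bare number, and reads a property back through the bound object so that a bind is only reported as successful when the connection actually works. The file name ssl_bind_check.vbs and the exit codes are assumptions of this example.

```vbscript
' Added example (not from the Knowledge Base article): SSL bind check for a
' Site Server Membership Directory.
' Usage: cscript //nologo ssl_bind_check.vbs <server> <port> <organization> <password>
Option Explicit
On Error Resume Next

' ADSI authentication flag (ADS_AUTHENTICATION_ENUM): ADS_USE_ENCRYPTION = 2,
' which has the same value as ADS_USE_SSL and requests an SSL-protected channel.
Const ADS_USE_ENCRYPTION = 2

Dim args, server, port, org, password
Set args = WScript.Arguments
If args.Count < 4 Then
    WScript.Echo "usage: cscript //nologo ssl_bind_check.vbs <server> <port> <organization> <password>"
    WScript.Quit 1
End If
server = args(0)
port = args(1)
org = args(2)
password = args(3)

' Build the ADsPath for the Members container and the administrator DN from the arguments.
Dim adsPath, userDN, oProvider, oContainer
adsPath = "LDAP://" & server & ":" & port & "/o=" & org & "/ou=Members"
userDN = "cn=administrator,ou=members,o=" & org

' Bind over SSL using the named flag instead of the literal 2.
Set oProvider = GetObject("LDAP:")
Set oContainer = oProvider.OpenDSObject(adsPath, userDN, password, ADS_USE_ENCRYPTION)

If Err.Number <> 0 Then
    ' Report the HRESULT in hex, which is how ADSI errors are usually documented
    ' (for example 0x80072027 in the related article).
    WScript.Echo "SSL bind to " & adsPath & " failed: 0x" & Hex(Err.Number) & " " & Err.Description
    Err.Clear
    WScript.Quit 2
End If

' Read standard IADs properties through the bound object; if the bind did not really
' complete, this is where an error would surface rather than in OpenDSObject alone.
Dim boundPath, boundClass
boundPath = oContainer.ADsPath
boundClass = oContainer.Class
If Err.Number <> 0 Then
    WScript.Echo "Bind returned an object, but reading it failed: 0x" & Hex(Err.Number) & " " & Err.Description
    Err.Clear
    WScript.Quit 3
End If

WScript.Echo "SSL bind succeeded; bound object: " & boundPath & " (class " & boundClass & ")"
WScript.Quit 0
```

Because the script exits with a non-zero code on failure, it can be called from a batch file or scheduled task to confirm that the LDAP SSL port still answers with a valid certificate after changes to the certificate or the port configuration.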
For additional information, see the following article in the Microsoft Knowledge Base:
Q236005 OpenDSObject Call Returns Error 0x80072027 After Upgrade to ADSI 2.5
Version : winnt:3.0
Platform : winnt
Issue type : kbhowto