LDAPS – Benefits & Additional Features

Posted on 7th December 2016

LDAPS – Security & Enables Additional Features

By enabling LDAPS on an Active Directory Domain Controller, Foldr can be configured to authenticate users securely over SSL on port 636. Along with the security benefits that this brings, additional password management features then become available within Foldr:

  1. Active Directory Password Control
  2. Delegated Password Control

Enabling LDAPS on the Domain Controller is beyond the scope of this KB article. However, the following links provide useful information on the two common methods of activating this feature:

http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

https://www.petri.com/enable-secure-ldap-windows-server-2008-2012-dc

 

Active Directory Password Control

This allows users to change their own Active Directory password from within Foldr itself using the web interface or the iOS or Android apps.

This feature is disabled by default.  To enable this feature:

  1.  Ensure the domain controller is configured to accept LDAPS connections on port 636 (use the LDP utility on the Windows DC)
  2.  Configure the LDAP Server within Foldr Settings >> General >> LDAP Server to use the prefix ldaps://
  3.  Enable Password Control within Foldr Settings >> Security >> Password Settings


In addition to password reset, Foldr handles password expiration gracefully and respects the complexity requirements set by an organisation’s password policy. When a password expires, the user is prompted to change it from the Foldr interface (web, iOS or Android).

Delegated Password Reset

This allows trusted users or groups of users to reset nominated domain users’ passwords from the web app. This could be useful in an educational environment, allowing teachers to securely reset student passwords, or designated staff to assist with password resets without involving the IT helpdesk.

This feature is disabled by default.  To enable this feature:

  1.  Ensure the domain controller is configured to accept LDAPS connections on port 636 (use the LDP utility on the Windows DC)
  2.  Configure the LDAP Server within Foldr Settings >> General >> LDAP Server to use the prefix ldaps://
  3.  Enable Password Control within Foldr Settings >> Security >> Delegated Password Control

Using the delegated password reset feature, the trusted user may set a new static password and can optionally select the ‘must change password at next login’ option.
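Steps 1 and 2 of both procedures above depend on the domain controller accepting LDAPS on port 636 and on the server URL using the ldaps:// prefix. The following added example (not Foldr's own code) checks both from a client machine: it rejects a URL without the ldaps:// prefix, then performs a TLS handshake with certificate chain and host name validation. The host name `dc01.example.internal` and the optional `ca_file` parameter (an exported root CA certificate in PEM format) are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone
from urllib.parse import urlsplit


def parse_ldap_url(url):
    """Split an LDAP server URL into (host, port); reject anything but ldaps://."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "ldaps":
        raise ValueError(f"{url!r} does not use the ldaps:// prefix")
    if not parts.hostname:
        raise ValueError(f"{url!r} has no host name")
    return parts.hostname, parts.port or 636


def days_until_expiry(cert, now=None):
    """Whole days left on a certificate dict as returned by getpeercert()."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    now = now or datetime.now(timezone.utc)
    return int((not_after - now.timestamp()) // 86400)


def check_ldaps(url, ca_file=None, timeout=5.0):
    """Handshake with the DC; connection and certificate failures are reported, not raised."""
    host, port = parse_ldap_url(url)
    # The default context verifies both the certificate chain and the host name.
    # With ca_file set, only that CA is trusted (typical for an internal AD CA).
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                names = [value for _, value in cert.get("subjectAltName", ())]
                return {"ok": True, "protocol": tls.version(),
                        "subject_alt_names": names,
                        "days_left": days_until_expiry(cert)}
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "error": f"certificate rejected: {exc.verify_message}"}
    except (ssl.SSLError, OSError) as exc:
        return {"ok": False, "error": f"connection failed: {exc}"}


if __name__ == "__main__":
    # Placeholder host: use the DC's FQDN exactly as it appears on its certificate.
    print(check_ldaps("ldaps://dc01.example.internal"))
```

A "certificate rejected" result usually means the issuing CA is not trusted by the client or the name in the URL does not match the certificate, both of which need fixing on the certificate side rather than by disabling validation.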


Need more help?

Get in touch with our friendly help desk, who will be happy to assist you, at support@foldr.io