Which of the following is a best practice when setting up a client to use the LDAPS protocol with a server?
A.
The client should follow LDAP referrals to other secure servers on the network
B.
The client should trust the CA that signed the server’s certificate
C.
The client should present a self-signed certificate to the server
D.
The client should have access to port 389 on the server
Enabling LDAPS for Client Authentication
Enabling LDAPS on the client is not necessary to protect credentials passed from the client to the server when LDAPS is already enabled on the server. This just allows the client to actually authenticate itself to the server – an extra layer of protection to ensure that the client connecting as COMPUTER_X is actually COMPUTER_X and not some other computer trying to authenticate with COMPUTER_X credentials. The client must be using a certificate from a CA that the LDAP server trusts. Client certificates and AD DS accounts are mapped using altSecurityIdentities, which can be done through various methods. Certificates are presented to the server during the Transport Layer Security (TLS) key exchange
0
0
B
0
0