
How to achieve high availability for Active Directory LDAPS (Secure LDAP)

Server Fault Asked by Dileep Jose on February 12, 2021

We have around 50 applications currently configured with LDAP and we have around 20 Domain Controllers. As per security best practice, we have to migrate all these applications from LDAP to LDAPS.
Currently, all applications are connected using the domain's "NETBIOS" name, so there is no need to worry about high availability.

What is the best design approach to achieve high availability for LDAPS?

Prefer not to configure individual DC servers as LDAPS servers in the application.
Note: all the servers (DCs and application servers) are enrolled in the on-prem PKI.

One Answer

It depends on the application, but generally speaking the application owner is responsible for ensuring it uses an available and healthy domain controller.

Also, your statement about using the domain single-label name: that does not provide high availability.

If all you want to do is connect to a uniform name and not individual domain controller names, include the domain name in the Subject Alternative Name (SAN) for the certificates.

https://support.microsoft.com/en-us/help/931351/how-to-add-a-subject-alternative-name-to-a-secure-ldap-certificate

Answered by Greg Askew on February 12, 2021
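The answer gives no code, so the following is an added example (not code from the answer, from Microsoft, or from the linked article) of the approach it describes: issuing each DC a certificate whose Subject Alternative Name carries the domain DNS name as well as the DC's own FQDN, and then checking every DC that sits behind that name. It assumes a domain DNS name of corp.example.com, a DC named dc01.corp.example.com, LDAPS on TCP 636, Windows PowerShell 5.1 or later on a domain member, and the on-prem root CA already in the machine's Trusted Root store; replace those names with your own. The function names New-LdapsCertRequestInf and Test-LdapsName are the example's own.

```powershell
# Added example, not code from the answer above or from Microsoft. It assumes
# the domain DNS name corp.example.com, a DC dc01.corp.example.com, LDAPS on
# TCP 636, Windows PowerShell 5.1 or later on a domain member, and the
# on-prem root CA already present in the local Trusted Root store.

# Part 1: certreq.exe INF for a server-authentication certificate whose SAN
# lists both the DC FQDN and the domain name, so a client that connects to
# ldaps://corp.example.com:636 gets a name match whichever DC answers.
# The SAN travels inside the request as the 2.5.29.17 extension; with an
# enterprise CA the template must allow the subject to be supplied in the
# request (add "[RequestAttributes] CertificateTemplate = <name>" to pick it).
function New-LdapsCertRequestInf {
    param(
        [Parameter(Mandatory)][string]$DcFqdn,
        [Parameter(Mandatory)][string]$DomainDnsName,
        [string]$Path = (Join-Path $env:TEMP "ldaps-$DcFqdn.inf")
    )
    @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$DcFqdn"
KeySpec = 1
KeyLength = 2048
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1 ; Server Authentication

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$DcFqdn&"
_continue_ = "dns=$DomainDnsName&"
"@ | Set-Content -Path $Path -Encoding ASCII
    $Path
}
# On the DC, as an administrator:
#   certreq -new <inf> dc01.req
#   certreq -submit -config "<CA host>\<CA name>" dc01.req dc01.cer
#   certreq -accept dc01.cer      (binds the issued cert to its key in the machine store)

# Part 2: resolve the domain name to the apex A records that each DC's Netlogon
# registers, connect to every address, and check the certificate each DC
# presents against the name the applications will actually use. The handshake
# callback accepts everything so that a misconfigured DC is reported instead of
# thrown away; the real checks (name match, chain, expiry) are made explicitly.
function Test-LdapsName {
    param(
        [Parameter(Mandatory)][string]$DomainDnsName,
        [int]$Port = 636
    )
    $addresses = Resolve-DnsName -Name $DomainDnsName -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress

    foreach ($ip in $addresses) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($ip, $Port)
            $ssl = New-Object System.Net.Security.SslStream(
                $client.GetStream(), $false,
                [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
            $ssl.AuthenticateAsClient($DomainDnsName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate

            # Pull the DNS entries out of the SAN extension (Windows formats it as "DNS Name=...").
            $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            $dnsNames = @()
            if ($san) {
                $dnsNames = @([regex]::Matches($san.Format($true), 'DNS Name=([^\s,]+)') |
                    ForEach-Object { $_.Groups[1].Value })
            }
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode = 'Online'   # 'NoCheck' if the CRL is unreachable from here

            [pscustomobject]@{
                Address      = $ip
                Subject      = $cert.Subject
                SanDnsNames  = ($dnsNames -join ', ')
                NameMatches  = ($dnsNames -contains $DomainDnsName)   # -contains is case-insensitive
                ChainTrusted = $chain.Build($cert)
                NotAfter     = $cert.NotAfter
                Protocol     = $ssl.SslProtocol
            }
            $ssl.Close()
        } catch {
            [pscustomobject]@{ Address = $ip; Error = $_.Exception.Message }
        } finally {
            $client.Close()
        }
    }
}

# Test-LdapsName -DomainDnsName corp.example.com | Format-Table -AutoSize
```

Two points worth keeping in mind when adapting this. First, the linked Microsoft article adds the SAN through a SAN= request attribute, which only works once the CA has the EDITF_ATTRIBUTESUBJECTALTNAME2 flag set, and that flag lets any enrollee ask for any name on any template; carrying the SAN as a request extension under a template whose enrollment permission is restricted to domain controllers, as above, avoids turning that on. If you have an enterprise CA, the built-in Kerberos Authentication template already builds a SAN containing the DC FQDN, the domain DNS name and the domain NetBIOS name from Active Directory, which is the simplest way to get what the answer describes. Second, pointing applications at the domain name gives you DNS round-robin across every DC that registered an apex record, with no health check, so a single DC with an expired or misnamed certificate breaks a share of connections; that is why Test-LdapsName walks every address behind the name rather than testing the name once, and why the answer puts the burden of choosing a healthy DC on the application owner.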
