Switch to LDAPS
In order to use secure LDAPS in Web Safety, you need to select the LDAPS radio button in Admin UI / Squid / Auth / Active Directory, tab LDAP Integration, as shown on the following screenshot.
Case 1. LDAPS in Active Directory is NOT configured yet
If you click Test Connection now and have not configured LDAPS yet, the connection test should fail with the error shown below (connection failed, cannot contact server). This happens because domain controllers usually do not support LDAPS out of the box and additional configuration is required (see the previous article explaining how this can be done).
On your domain controller, event 1220 will also be recorded, clearly indicating that LDAPS was not yet properly configured in Active Directory:
LDAP over Secure Sockets Layer (SSL) will be unavailable at this time
because the server was unable to obtain a certificate.
Case 2. LDAPS in Active Directory IS already configured
If you have configured support for LDAPS in your Active Directory, the connection test may still fail, as we also need to do the second required step in the configuration: we must configure Web Safety to trust the LDAPS certificate presented by the domain controller.
To do that, click View or edit currently configured LDAPS certificates and then click Detect automatically, as indicated on the screenshot below. Warning - your LDAPS connection will not work until you see correct information about the server's LDAPS certificate, as indicated on the screenshot below.
Do not forget to Test Connection after you enable LDAPS protocol support!
Note
If you have two or more domain controllers serving LDAPS requests, you need to manually combine their certificates for Web Safety. This can be done by simply catting together the PEM files of those domain controllers (cat pem1 pem2 > ldaps.pem) and uploading the resulting ldaps.pem into the Admin UI manually.
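The cat command from the note works, but it silently accepts a truncated or mis-pasted block and keeps duplicates. As an added example that is not Web Safety's own code, this Python script does the same merge with those two checks; the PEM bodies in SAMPLE_DC1 and SAMPLE_DC2 are constructed placeholders standing in for the files exported from two domain controllers, not real certificates.

```python
import base64
import hashlib
import re

# One PEM certificate block: header, base64 body, footer.
_PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL
)

# Constructed sample bundles standing in for the PEM files exported from two
# domain controllers. The bodies are tiny placeholder DER SEQUENCEs, not real
# certificates; DC2 also repeats DC1's certificate to show deduplication.
SAMPLE_DC1 = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
SAMPLE_DC2 = "-----BEGIN CERTIFICATE-----\nMAMCAQI=\n-----END CERTIFICATE-----\n" + SAMPLE_DC1

def extract_certs(pem_text):
    """Return the DER bytes of every CERTIFICATE block in pem_text."""
    ders = []
    for body in _PEM_CERT.findall(pem_text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:
            raise ValueError(f"PEM body is not valid base64: {exc}") from exc
        # Every X.509 certificate starts with an ASN.1 SEQUENCE tag (0x30);
        # anything else is a truncated or mis-pasted block, so reject it early.
        if not der or der[0] != 0x30:
            raise ValueError("PEM body does not decode to an ASN.1 SEQUENCE")
        ders.append(der)
    return ders

def merge_pem_bundles(pem_texts):
    """Merge several PEM bundles into one; returns (merged_pem, fingerprints)."""
    unique = {}  # SHA-256 of DER -> DER, so a cert shared by both DCs is kept once
    for text in pem_texts:
        for der in extract_certs(text):
            unique.setdefault(hashlib.sha256(der).hexdigest(), der)
    if not unique:
        raise ValueError("no CERTIFICATE blocks found in any input")
    blocks = []
    for der in unique.values():
        b64 = base64.b64encode(der).decode("ascii")
        body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
        blocks.append(f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n")
    return "".join(blocks), list(unique)

if __name__ == "__main__":
    merged, fps = merge_pem_bundles([SAMPLE_DC1, SAMPLE_DC2])
    open("ldaps.pem", "w").write(merged)  # upload this file in the Admin UI
    print(f"wrote ldaps.pem with {len(fps)} unique certificate(s)")
```

For real exports, replace the sample strings with the contents of the PEM file exported from each domain controller; the resulting ldaps.pem is the file to upload in the Admin UI.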