Encrypt traffic between Adaxes and Active Directory
To communicate with Active Directory, Adaxes service uses the LDAP protocol. By default, encrypted LDAPS connections are established only before performing security-sensitive operations, like changing passwords. The rest of the LDAP traffic is not encrypted. You can encrypt all the traffic between Adaxes service and Active Directory using SSL or Kerberos.
All traffic between Adaxes and Microsoft Entra ID is always encrypted by default.
SSL
When SSL encryption is enabled, Adaxes will always establish encrypted LDAPS connections before performing any operation in a specific managed domain. To enable the encryption:
-
Launch Adaxes Administration console.
How { #collapse1}
-
On the computer where Adaxes Administration console is installed, open Windows Start menu.
-
Click Adaxes Administration Console.
-
-
In the Console Tree, expand the Adaxes service node (the icon represents service nodes).
-
Expand Managed Domains.
-
Right-click the Active Directory domain you need and then click Properties in the context menu.
-
Activate the SSL Usage tab.
-
Select Always.
Kerberos
When Kerberos encryption is enabled, all the traffic for all managed domains will be encrypted. To enable the encryption:
-
Navigate to the folder where Adaxes service is installed. By default, the folder is C:\Program Files\Softerra\Adaxes 3\Service.
-
Open the Softerra.Adaxes.Service.exe.config file with a text editor.
-
Locate the configuration\softerra.adaxes\ldap\encryptTraffic XML element.
-
Set the value of the element to
true
.<configuration> ... <softerra.adaxes> ... <ldap> <encryptTraffic>true</encryptTraffic>
-
Save the file.
-
Restart the Adaxes service.
To enable Kerberos encryption in a multi-server environment, the changes should be made for all Adaxes services.