I want to configure LDAP over Active Directory, over the internet, but it's not accessible

Mayur Fegde 0 Reputation points
2024-04-26T12:43:48.6466667+00:00

I referred to the provided documentation

  • Created Entra ID
  • Created user with Admin group
  • Created and configured Azure AD Domain Services
  • Enabled Secure LDAP with SSL self-signed certificate.
  • Allowed port 636 for over-internet access
  • Port is also enabled, but when we check the LDAP service it's not running.
Active Directory

2 answers

  1. Marcin Policht 11,470 Reputation points MVP
    2024-04-26T13:05:42.4+00:00

    Entra Domain Services doesn't support exposing LDAP services to the internet


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


  2. Yanhong Liu 2,160 Reputation points Microsoft Vendor
    2024-04-30T02:47:00.7266667+00:00

    Hello,

    Based on your description, if you have completed the above steps to configure the Microsoft Entra Domain Services to support secure LDAP, and also confirmed that port 636 has been opened to allow access through the Internet, but found that the LDAP service is not running, this may be caused by several things:

    1. Service status check: First, make sure that the running status of the Microsoft Entra domain service itself is normal. Sign in to the Azure portal to view the health status of your managed domain and any possible alerts. Verify there are no service outages or maintenance ongoing.
    2. Network configuration: Although you mentioned that the port is enabled, you also need to check the Network Security Group (NSG) rules and firewall settings to ensure that inbound traffic to port 636 is allowed not only on the local server, but also along the entire network path.
    3. SSL certificate issue: Although you enable secure LDAP with a self-signed certificate, sometimes improper certificate configuration may cause the service to fail to start. Verify that the certificate is correctly bound to the LDAP service and is not expired or corrupted.
    4. DNS resolution: Verify that external clients can correctly resolve your LDAP service’s FQDN to the correct IP address. Incorrect DNS configuration may prevent clients from connecting.
    5. Service restart: Sometimes, even if everything seems to be configured correctly, the service may need to be restarted for the changes to take effect. Try restarting the Microsoft Entra Domain Services related services or the managed domain controller to see if that resolves the issue.

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
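The checks in the answer above (DNS resolution, reachability of TCP/636 through the whole path, and the state of the certificate bound to the LDAPS listener) can be run from a client outside the network with a short script. The following is an added example written for this thread; it is not part of the original Q&A and not Microsoft tooling. The host name `ldaps.contoso-example.com` is a hypothetical placeholder, and `SAMPLE_CERT` is a constructed certificate dictionary in the shape returned by `ssl.SSLSocket.getpeercert()`, used only to show what the assessment reports.

```python
"""Added diagnostic for an LDAPS endpoint: DNS, TCP/636 reachability, certificate state.
Example code written for this thread; host name and sample certificate are constructed."""
import socket
import ssl
import sys
from datetime import datetime, timezone

LDAPS_PORT = 636


def resolve_fqdn(fqdn, port=LDAPS_PORT):
    """DNS check: return the sorted set of addresses the name resolves to ([] on failure)."""
    try:
        infos = socket.getaddrinfo(fqdn, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_reachable(host, port=LDAPS_PORT, timeout=5.0):
    """Network check: can a TCP session be opened to the listener through NSG/firewall?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def fetch_certificate(fqdn, port=LDAPS_PORT, timeout=5.0, cafile=None):
    """TLS check: returns (cert_dict, trusted). Pass the public certificate you uploaded
    for secure LDAP as `cafile` so a self-signed certificate verifies and is decoded.
    Without a trusted chain Python returns an empty dict, so trusted=False and {} means
    the listener answers TLS but clients will need the CA installed."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((fqdn, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
                return tls.getpeercert(), True
    except ssl.SSLCertVerificationError:
        pass
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((fqdn, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.getpeercert(), False  # {} because the chain was not validated


def _name_matches(pattern, fqdn):
    """Minimal SAN matcher: exact name, or a '*.' wildcard covering exactly one label."""
    pattern, fqdn = pattern.lower(), fqdn.lower()
    if pattern.startswith("*."):
        return fqdn.count(".") == pattern.count(".") and fqdn.endswith(pattern[1:])
    return pattern == fqdn


def assess_certificate(cert, fqdn, now=None):
    """Certificate check on a getpeercert()-style dict. True means the check passed;
    days_left is negative once the certificate has expired."""
    now = now or datetime.now(timezone.utc)
    now_s = now.timestamp()
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {
        "valid_now": not_before <= now_s <= not_after,
        "days_left": int((not_after - now_s) // 86400),
        "name_matches": any(_name_matches(name, fqdn) for name in sans),
        "self_signed": cert.get("issuer") == cert.get("subject"),
    }


# Constructed sample in the format ssl returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.contoso-example.com"),),),
    "issuer": ((("commonName", "*.contoso-example.com"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "*.contoso-example.com"),),
}


if __name__ == "__main__":
    # Usage: python ldaps_check.py ldaps.contoso-example.com [ca.cer]
    target = sys.argv[1] if len(sys.argv) > 1 else "ldaps.contoso-example.com"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    addrs = resolve_fqdn(target)
    print("resolves to:", addrs or "NOTHING (fix DNS first)")
    if addrs:
        print("tcp/636 reachable:", tcp_reachable(addrs[0]))
        cert, trusted = fetch_certificate(target, cafile=ca)
        print("chain trusted by this client:", trusted)
        if cert:
            print("certificate:", assess_certificate(cert, target))
```

Run it from a machine outside the virtual network; a name that resolves but a port that is unreachable points at the NSG or firewall path, a reachable port whose TLS handshake fails points at the certificate binding, and a trusted handshake with `valid_now` False means the uploaded certificate has expired or its clock window has not started yet.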