File: articles/azure-netapp-files/configure-ldap-over-tls.md
Lines changed: 17 additions & 16 deletions
@@ -1,29 +1,29 @@
1
1
---
2
-
title: Configure AD DS LDAP over TLS for Azure NetApp Files | Microsoft Docs
2
+
title: Configure AD DS LDAP over TLS for Azure NetApp Files
3
3
description: Describes how to configure AD DS LDAP over TLS for Azure NetApp Files, including root CA certificate management.
4
4
services: azure-netapp-files
5
5
author: b-hchen
6
6
ms.service: azure-netapp-files
7
7
ms.topic: how-to
8
-
ms.date: 04/17/2024
8
+
ms.date: 07/01/2025
9
9
ms.author: anfdocs
10
10
---
11
11
# Configure AD DS LDAP over TLS for Azure NetApp Files
12
12
13
-
You can use LDAP over TLS to secure communication between an Azure NetApp Files volume and the Active Directory LDAP server. You can enable LDAP over TLS for NFS, SMB, and dual-protocol volumes of Azure NetApp Files.
13
+
You can use Lightweight Directory Access Protocol (LDAP) over TLS to secure communication between an Azure NetApp Files volume and the Active Directory LDAP server. You can enable LDAP over TLS for NFS, SMB, and dual-protocol volumes of Azure NetApp Files.
14
14
15
15
## Considerations
16
16
17
-
* DNS PTR records must exist for each AD DS domain controller assigned to the **AD Site Name** specified in the Azure NetApp Files Active Directory connection.
17
+
* DNS pointer (PTR) records must exist for each AD DS domain controller assigned to the **AD Site Name** specified in the Azure NetApp Files Active Directory connection.
18
18
* PTR records must exist for all domain controllers in the site for AD DS LDAP over TLS to function properly.
19
19
20
20
## Generate and export root CA certificate
21
21
22
-
If you do not have a root CA certificate, you need to generate one and export it for use with LDAP over TLS authentication.
22
+
If you don't have a root CA certificate, you need to generate one and export it for use with LDAP over TLS authentication.
23
23
24
-
1.Follow [Screenshot of the the Certification Authority.](/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority) to install and configure AD DS Certificate Authority.
24
+
1.[Install the Certification Authority (CA) on Windows Server.](/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority)
25
25
26
-
2.Follow [Screenshot of the view certificates with the MMC snap-in.](/dotnet/framework/wcf/feature-details/how-to-view-certificates-with-the-mmc-snap-in) to use the MMC snap-in and the Certificate Manager tool.
26
+
2.[View certificates with the Microsoft Management Console (MMC) snap-in.](/dotnet/framework/wcf/feature-details/how-to-view-certificates-with-the-mmc-snap-in)
27
27
Use the Certificate Manager snap-in to locate the root or issuing certificate for the local device. You should run the Certificate Management snap-in commands from one of the following settings:
28
28
* A Windows-based client that has joined the domain and has the root certificate installed
29
29
* Another machine in the domain containing the root certificate
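Review bot: the new step lines 24 and 26 have no space after the list marker (`1.[Install the Certification Authority (CA) on Windows Server.]` and `2.[View certificates with the Microsoft Management Console (MMC) snap-in.]`), so Markdown renders them as literal text rather than an ordered list; write `1. [Install ...]` and `2. [View ...]`. The removed lines had the same defect (`1.Follow`, `2.Follow`), so this change is the right place to fix it. Separately, the two Considerations bullets (lines 17 and 18) now both require PTR records for the domain controllers in the site; consider folding the second into the first so the requirement is stated once.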
@@ -38,30 +38,31 @@ If you do not have a root CA certificate, you need to generate one and export it
38
38
39
39
## Enable LDAP over TLS and upload root CA certificate
40
40
41
-
1. Go to the NetApp account used for the volume, and select **Active Directory connections**. Then, select **Join** to create a new AD connection or **Edit** to edit an existing AD connection.
41
+
1. Go to the NetApp account used for the volume, then select **Active Directory connections**.
42
42
43
-
2. In the **Join Active Directory** or **Edit Active Directory** window that appears, select the **LDAP over TLS** checkbox to enable LDAP over TLS for the volume. Then select **Server root CA Certificate** and upload the [generated root CA certificate](#generate-and-export-root-ca-certificate) to use for LDAP over TLS.
43
+
1. Select **Join** to create a new AD connection or **Edit** to edit an existing AD connection.
44
+
45
+
1. In the **Join Active Directory** or **Edit Active Directory** window that appears, select the **LDAP over TLS** checkbox to enable LDAP over TLS for the volume. Then select **Server root CA Certificate** and upload the [generated root CA certificate](#generate-and-export-root-ca-certificate) to use for LDAP over TLS.
44
46
45
47

46
48
47
49
Ensure that the certificate authority name can be resolved by DNS. This name is the "Issued By" or "Issuer" field on the certificate:
48
50
49
51

50
52
51
-
If you uploaded an invalid certificate, and you have existing AD configurations, SMB volumes, or Kerberos volumes, an error similar to the following occurs:
52
-
53
-
`Unable to validate the LDAP client configuration from LDAP server, please check connectivity or LDAP settings under AD connection.`
53
+
If you uploaded an invalid certificate, and you have existing AD configurations, SMB volumes, or Kerberos volumes, an error similar to the following occurs: `Unable to validate the LDAP client configuration from LDAP server, please check connectivity or LDAP settings under AD connection.`
54
54
55
-
To resolve the error condition, upload a valid root CA certificate to your NetApp account as required by the Windows Active Directory LDAP server for LDAP authentication.
55
+
To resolve the error condition, upload a valid root CA certificate to your NetApp account as required by the Windows Active Directory LDAP server for LDAP authentication.
56
56
57
57
## Disable LDAP over TLS
58
58
59
-
Disabling LDAP over TLS stops encrypting LDAP queries to Active Directory (LDAP server). There are no other precautions or impact on existing ANF volumes.
59
+
Disabling LDAP over TLS stops encryption LDAP queries to Active Directory (LDAP server). There are no other precautions or impact on existing Azure NetApp Files volumes.
60
60
61
-
1. Go to the NetApp account that is used for the volume and select **Active Directory connections**. Then select **Edit** to edit the existing AD connection.
61
+
1. Go to the NetApp account used for the volume then select **Active Directory connections**.
62
62
63
-
2. In the **Edit Active Directory**window that appears, deselect the **LDAP over TLS** checkbox and select **Save** to disable LDAP over TLS for the volume.
63
+
1. Select **Edit**to edit the existing AD connection.
64
64
65
+
2. In the **Edit Active Directory** window that appears, deselect the **LDAP over TLS** checkbox then select **Save** to disable LDAP over TLS for the volume.
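Review bot: the rewritten line 59 reads `stops encryption LDAP queries to Active Directory`, which is ungrammatical; the removed `stops encrypting LDAP queries` was correct, so keep it or use `stops encryption of LDAP queries`. Line 63, `Select **Edit**to edit the existing AD connection.`, is missing the space after the closing `**`, so the bold will not render; that is the same problem this change fixes on line 65 with `**Edit Active Directory** window`. The list markers in both procedures now mix `1.`, `1.`, `2.` (lines 41, 43, 45 and 61, 63, 65); Markdown numbers them sequentially either way, but pick one convention (all `1.` or 1/2/3) for the page. Line 55 still says to upload "a valid root CA certificate" without saying what makes one valid; pointing the reader back to the "Issued By" / "Issuer" field named on line 49 would make the fix actionable.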