14 Enabling LDAP Directory Services Authentication to
Microsoft Active Directory
Certificate Services
The Microsoft implementation of LDAP over SSL requires that the Domain Controllers install DC
certificates from the CA of the organization. This process occurs when the Enterprise Root CA
service is added to a server in Active Directory. HP strongly recommends using an Enterprise Root
CA to minimize the complexities of requesting and accepting DC certificates from a standalone
CA.
Preparing the directory
For a normal production environment, similar groups already exist in some form, but the following
group names can be used as-is if desired.
To prepare the directory:
1.
Create an Active Directory group named OA Admins, and then put a user named Test Admin
to this group
2.
Create a group called OA Operators, and then add a user named Test Operator to this group.
User permissions are irrelevant.
Preparing the Onboard Administrator
To prepare the Onboard Administrator:
Certificate Services
175