7.1 Securing LDAP Communications between Filr and Active Directory

IMPORTANT: On NODS, all administrative passwords are novellfilr.

  1. Generate a self-signed certificate for Active Directory.

    1. On the Windows server, click Start > Run, then enter mmc.

    2. In MMC, press Ctrl+M.

    3. In the Add or Remove Snap-ins dialog, select the Internet Information Services (IIS) Manager snap-in.

      If the snap-in is not installed on your Windows server, install it.

    4. With IIS selected, click Add, then click OK.

    5. In the left frame, click Internet Information Services, then click a Windows server that Filr can connect to for synchronizing the test users that you created in Section 4.0, Creating Test Users.

    6. In the Filter list, scroll down to Server Certificates and double-click the icon.

    7. In the Actions list (on the right), click Create Self-Signed Certificate.

    8. Name the certificate with a name you can remember, such as the server name, then click OK.

    9. Press Ctrl+M, select the Certificates snap-in, then click Add.

    10. Select Computer account, then click Next.

    11. Click Finish.

    12. In the Snap-ins dialog, click OK.

      If you get a plug-in error, click Cancel.

    13. In MMC, expand the Certificates snap-in, expand Personal, then click Certificates.

    14. Right-click the certificate you created, select All Tasks, then click Export....

    15. In the Certificate Export wizard, click Next.

    16. Ensure that No, do not export the private key is selected, then click Next.

    17. Ensure that DER encoded binary is selected, then click Next.

    18. Name the certificate, then click Next.

    19. Click Finish > OK.

      By default, the certificate is saved in C:\Users\Your-User-Name.

      On NODS, the directory is C:\Users\Administrator.

  2. On the Windows server, open a browser and import the server’s certificate into the Filr appliance’s Java Keystore:

    1. In the Windows server browser, launch the Filr Console through the following URL:

      https://Appliance_IP_Address:9443

      For example, on NODS this is:

      https://172.17.2.112:9443

    2. Here and in later steps, click through all of the security warnings (adding certificates and so on) and verify that you want to access the server.

    3. Log in as vaadmin with the password novellfilr.

    4. Click the Appliance System Configuration icon.

      If you have accessed the console previously, you might need to click the Home link in the upper-right corner to see the icon.

    5. Click the Digital Certificates icon.

    6. Click File > Import > Trusted Certificate.

    7. Browse to the certificate file that you saved in Step 1.19, then click Open.

    8. Click OK > OK.

    9. Click Close.

    10. Click Reboot > OK > OK.

    11. Close the browser on the Windows server.

As soon as the Filr appliance restarts, both the Windows server and Filr are prepared for the exercises in Section 7.2, Synchronizing LDAP Users.
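
A pre-import check for the file exported in Step 1, as an added example that is not part of the original guide: it confirms the file is a bare DER-encoded certificate (not a PKCS #12 or PKCS #7 container, and not a Base-64 export) and that its SHA-256 fingerprint matches the certificate the directory server presents. The default LDAPS port 636, the function names, and the sample byte strings are assumptions of this example, and the format test is a heuristic based only on the outer ASN.1 tags.

```python
import hashlib
import ssl
import sys

# Constructed byte strings with the right outer ASN.1 shape (not real certificates or keys).
SAMPLE_CERT = bytes.fromhex("3006300205000500")  # SEQUENCE { SEQUENCE {...}, ... }
SAMPLE_PFX = bytes.fromhex("30050201030500")     # SEQUENCE { INTEGER 3, ... }

def der_length(buf, pos):
    """Return (content length, content offset) of the DER element whose tag is at pos."""
    first = buf[pos + 1]
    if first < 0x80:                      # short form
        return first, pos + 2
    n = first & 0x7F                      # long form: n length bytes follow
    return int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def classify_export(data):
    """Classify an exported file by its outer ASN.1 structure."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return "pem"                      # Base-64 export, not DER encoded binary
    if len(data) < 4 or data[0] != 0x30:
        return "unknown"
    length, body = der_length(data, 0)
    if length == 0 or body + length != len(data):
        return "unknown"                  # truncated file or trailing data
    # The first inner tag separates the container types.
    return {0x30: "x509-der",             # Certificate: tbsCertificate SEQUENCE
            0x02: "pkcs12",               # PFX: version INTEGER (can carry the private key)
            0x06: "pkcs7"}.get(data[body], "unknown")  # ContentInfo: contentType OID

def fingerprint(der):
    """SHA-256 fingerprint of the DER bytes, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def safe_to_import(exported, presented_der):
    """True only for a bare DER certificate identical to the one the server presents."""
    return (classify_export(exported) == "x509-der"
            and fingerprint(exported) == fingerprint(presented_der))

def fetch_ldaps_cert(host, port=636):
    """Fetch the certificate the directory server presents, without trusting it yet."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

# Usage: python check_export.py <exported file> <AD host>
if __name__ == "__main__" and len(sys.argv) == 3:
    with open(sys.argv[1], "rb") as fh:
        exported = fh.read()
    print(classify_export(exported), fingerprint(exported))
    print("safe to import:", safe_to_import(exported, fetch_ldaps_cert(sys.argv[2])))
```

Run it from any machine that can reach the Windows server, and also compare the printed fingerprint with the thumbprint shown for the certificate in MMC on the server itself, since a network fetch alone cannot rule out interception.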