Connection to Azure Active Directory Domain Services (ADDS)
This article shows you how to set up a secure LDAP connection in an Azure ADDS environment. Even if you have no prior knowledge of ADDS, this document will provide detailed guidance to ensure correct and secure configuration.
Prerequisites
Azure Active Directory license: A valid Azure AD license is required to make the LDAP connection.
Domain Controller access: Make sure you have the appropriate permissions to configure the LDAP options on the domain controller.
Environment configured for SSL (optional): If you want to use a secure connection (LDAPS), the environment needs to support SSL.
Information required for configuration
Domain name:
Enable SSL: If the environment supports it, it is recommended to use a secure connection (SSL). This protects the data during transfer.
Why use it: SSL ensures that the data transmitted between the client and the LDAP server is encrypted.
Server address: This is the IP address or host name of your domain controller.
Example: ldap.contoso.com
Port (default: 636 for LDAP SSL): The default port for a secure LDAP connection (LDAPS) is 636. If you are not using SSL, the default port will be 389.
Validate Certificate: Make sure that the SSL certificate on the server is valid. Validating the certificate is important to ensure the authenticity and security of the connection.
LDAP Version: The default version used for the LDAP protocol is version 3. Do not change this value unless you are sure that your environment requires a different version.
Authentication Type: Here you choose the authentication method used in LDAP communication:
Basic: The login and password are sent in plain text, so it should only be used if the connection is protected by SSL.
Negotiate: Recommended for Windows environments; the credentials are encrypted even without SSL.
In NDD Print Host it is only possible to select the type of authentication that will be used to carry out LDAP communication. The Basic or Negotiate settings must be defined directly on the domain server.
Timeout(s): Sets the waiting time (in seconds) for the server to respond during domain searches. A common value would be 30 seconds.
Search User: This is the user that will be used to perform queries in the LDAP domain. The format depends on the type of domain.
Active Directory domains: Example: usertest
OpenLdap domains: Example: CN=userteste,DC=teste,DC=local
Use DN for Connection: If the Distinguished Name (DN) needs to be entered for the connection, enable this option. This applies in environments where the domain name alone is not sufficient for authentication.
DN command example: CN=User,OU=People,DC=Domain,DC=com
Password: Password of the user who will be used to perform queries in the domain.
Validate User: Once you have configured the user and password, you can perform a connection test to check that it is correct.
DN Base: The DN Base defines where queries will start in the domain hierarchy. If you don't know which Base DN to use, click on the “Search DNs” option to view the available options.
Search options (advanced)
These options can be used to optimize and personalize your LDAP searches:
Pagination Size: Defines how many records will be returned on each page of results.
Size Limit: Sets a limit on the total number of records returned.
Timeout: The maximum time the LDAP server should take to process a search.
Critical Operation Control: Defines whether the LDAP operation needs to be completed critically.
Server Managed Search Options: These options are provided for greater control over how the server processes LDAP searches.
Configuration Examples
Example with SSL enabled
Domain Name: contoso.com
Server Address: ldap.contoso.com
Port: 636
Enable SSL: Yes
Validate Certificate: Yes
LDAP Version: 3
Authentication Type: Negotiate
Timeout: 30s
Base DN: DC=contoso,DC=com
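The check below is an added example, not part of the original article or of NDD Print Host. It uses only the Python standard library to test whether the server address and port from a profile like the one above present a certificate that passes the validation "Validate Certificate: Yes" implies. The function names and the optional ca_file parameter (for a private CA) are assumptions, and the sample certificate fields are constructed.

```python
import socket
import ssl
import time


def strict_context(ca_file=None):
    """TLS context equivalent to 'Validate Certificate: Yes'."""
    ctx = ssl.create_default_context(cafile=ca_file)  # ca_file: optional private CA (assumption)
    ctx.check_hostname = True            # certificate must name the server address
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain must end at a trusted CA
    return ctx


def days_left(cert, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


def dns_names(cert):
    """DNS names in subjectAltName, the field hostname checking uses."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def check_ldaps(host, port=636, ca_file=None, timeout=30):
    """TLS handshake with the LDAPS port. Returns (ok, detail); sends no LDAP data."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context(ca_file).wrap_socket(raw, server_hostname=host) as tls:
                cert, version = tls.getpeercert(), tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return False, f"connection failed: {exc}"
    return True, {"tls": version, "names": dns_names(cert), "days_left": days_left(cert)}


if __name__ == "__main__":
    # Constructed certificate fields in the shape getpeercert() returns.
    sample = {
        "notAfter": "Jan  1 00:00:00 2030 GMT",
        "subjectAltName": (("DNS", "ldap.contoso.com"), ("IP Address", "10.0.0.4")),
    }
    print(dns_names(sample), days_left(sample, now=1893456000 - 10 * 86400))
    # Live check against the address and port from the profile:
    # print(check_ldaps("ldap.contoso.com", 636))
```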
Example without SSL
Domain Name: contoso.com
Server Address: ldap.contoso.com
Port: 389
Enable SSL: No
Validate Certificate: No
LDAP Version: 3
Authentication Type: Basic (without SSL, the login and password are sent in plain text)
Timeout: 30s
Base DN: DC=contoso,DC=com
For more details on how to configure secure LDAP in a domain managed by Azure ADDS, see the official Azure ADDS documentation.