Resolving Insecure LDAP Connections in DNN Evoq Environment

Overview

You may encounter occasional insecure LDAP connections instead of secure LDAPS connections in your DNN Evoq environment. This issue can occur if the DNNPro_ActiveDirectoryAuthentication extension falls back to LDAP when LDAPS fails, potentially due to certificate issues or domain controller unavailability on port 636. The recommended solution involves verifying LDAPS configuration and certificate validity, testing connectivity, and blocking insecure LDAP via firewall rules.

Information

Issue: Occasional insecure LDAP connections instead of LDAPS in DNN Evoq environment

Affected Version: DNNPro_ActiveDirectoryAuthentication 9.13.3

Resolution Steps:

  1. Verify LDAPS Configuration:
    • Ensure that the LDAPS configuration is correctly set in your DNN environment.
    • Check the validity of the SSL certificate used for LDAPS on the affected domain controller.
  2. Test LDAPS Connectivity:
    • Use tools like ldp.exe or openssl to test LDAPS connectivity from the DNN server to the domain controller.
    • Confirm that the domain controller is accessible on port 636.
  3. Implement Firewall Rules:
    • Configure firewall rules to block insecure LDAP (port 389) traffic from the DNN server to the domain controllers.
    • Ensure that only LDAPS traffic is allowed.
  4. Review DNS and Network Configuration:
    • Verify that the round-robin DNS alias includes only domain controllers properly configured for LDAPS.
    • Check for any DNS or network anomalies that might affect connectivity.
  5. Monitor and Validate:
    • After implementing the above steps, monitor the connections to ensure that only LDAPS is used.
    • Validate that no insecure LDAP connections are occurring.

Note: If issues persist, consider reviewing the DNNPro_ActiveDirectoryAuthentication extension settings and consult with support for further assistance.
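As an added check (example script written for this article, not code from the DNNPro extension or the DNN project), the following PowerShell, run on the DNN server, covers steps 2 through 5 in one pass: it resolves the round-robin alias to each domain controller, confirms TCP 636 answers, reports the certificate each one presents together with any chain or name validation error, and confirms TCP 389 is closed once the firewall rule is in place. The alias ldap.corp.example is an assumed placeholder.

```powershell
# Added example for this article; not part of the DNNPro extension.
# $LdapAlias is an assumed placeholder: replace it with your round-robin alias.
$LdapAlias = 'ldap.corp.example'

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Wait() returns $false on timeout and throws on a refused connection.
        $ok = $client.ConnectAsync($Address, $Port).Wait($TimeoutMs)
        return ($ok -and $client.Connected)
    } catch { return $false } finally { $client.Dispose() }
}

function Get-LdapsCertificateReport {
    param([string]$Address, [string]$ExpectedName)
    # Record the validation result instead of aborting the handshake, so an
    # expired or mis-named certificate is still reported in detail.
    $state = @{ Errors = $null }
    $callback = { param($s, $c, $ch, $e) $state.Errors = $e; $true }.GetNewClosure()
    $client = [System.Net.Sockets.TcpClient]::new($Address, 636)
    $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
    try {
        # The name check uses the alias; a certificate issued only to the DC's own
        # FQDN shows up here as RemoteCertificateNameMismatch.
        $ssl.AuthenticateAsClient($ExpectedName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        [pscustomobject]@{
            DC          = $Address
            Subject     = $cert.Subject
            NotAfter    = $cert.NotAfter
            Expired     = ($cert.NotAfter -lt (Get-Date))
            PolicyError = $state.Errors      # None = chain and name both validated
            Protocol    = $ssl.SslProtocol
        }
    } finally { $ssl.Dispose(); $client.Dispose() }
}

# Step 4: every address behind the alias must be a DC that serves LDAPS.
$dcs = [System.Net.Dns]::GetHostAddresses($LdapAlias) | ForEach-Object { $_.IPAddressToString }
foreach ($dc in $dcs) {
    if (-not (Test-TcpPort -Address $dc -Port 636)) {
        Write-Warning "$dc : TCP 636 unreachable; the extension may fall back to LDAP for this DC"
        continue
    }
    Get-LdapsCertificateReport -Address $dc -ExpectedName $LdapAlias | Format-List
    # Step 5: once the firewall rule from step 3 is active, 389 must be closed from this host.
    if (Test-TcpPort -Address $dc -Port 389) {
        Write-Warning "$dc : TCP 389 still reachable; insecure LDAP fallback remains possible"
    }
}
```

A PolicyError other than None, an Expired value of True, or a 389 warning for any DC identifies the member of the alias that triggers the fallback.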

Frequently Asked Questions

How do I know if my DNN environment is using insecure LDAP connections?
You may notice occasional LDAP connections instead of LDAPS in your logs or monitoring tools. This can indicate a fallback to insecure LDAP.
What should I do if LDAPS connections fail?
Verify the LDAPS configuration and certificate validity, test connectivity using tools like ldp.exe or openssl, and ensure the domain controller is accessible on port 636.
How can I prevent fallback to insecure LDAP?
Implement firewall rules to block LDAP (port 389) traffic from the DNN server to the domain controllers, ensuring only LDAPS is used.
What if the issue persists after following the recommended steps?
Review the DNNPro_ActiveDirectoryAuthentication extension settings, check for DNS or network anomalies, and consult with support for further assistance.
Author: Priyanka Bhotika