Active Directory Publisher

Publishing to Active Directory

When configuring Active Directory LDAP, the Bind DN for users is usually of the form:

cn=user,cn=Users,dc=domain-component1,dc=domain-component2

For example, for the domain primekey.com:

cn=User Usersson,cn=Users,dc=primekey,dc=com

If your DN and your base DN are like the following examples:

DN
cn=Ejbca1,o=MyOrg,c=SE
Base DN
DC=Security,DC=Software,DC=MyOrg

Then the publisher for AD should have a base DN like the following example:

cn=Users,dc=Security,dc=Software,dc=MyOrg

For Login DN, use the full LDAP name, for example:

CN=Administrator,CN=Users,dc=primekey,dc=se

To connect to AD through SSL, issue an LDAP SSL P12 to the domain controller, according to MS Article ID 321051.

The same certificate is used for both AD and the global catalogue (GC). Remember to add the CA certificate to the machine's trusted root certificate store.

To publish a CRL to Active Directory, use a Base DN similar to:

CN=somename,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=somemachine,DC=primekey,DC=se

The CRL Distribution Point in the certificate should point to:

ldap:///CN=Test%20MS%20SC%20Logon%20CA%20v1,CN=somename,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=somemachine,DC=primekey,DC=se?certificateRevocationList?base?objectClass=cRLDistributionPoint
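The following is an added example (not EJBCA's own code) that composes the AD CRL Distribution Point URL from a CA name and the publisher's CDP base DN, and checks that a URL taken from a certificate actually points under that base DN with the expected attribute, scope and filter. The CA name, container names and domain components are the sample values from above; the helper names are assumptions.

```python
"""Build and sanity-check an Active Directory CRL Distribution Point LDAP URL.

Added example, not part of EJBCA. The URL shape (attribute
certificateRevocationList, scope base, filter objectClass=cRLDistributionPoint)
is the one shown in the text; all DN values are constructed samples.
"""
from urllib.parse import quote, unquote, urlsplit

CRL_ATTRIBUTE = "certificateRevocationList"
CRL_FILTER = "objectClass=cRLDistributionPoint"


def normalize_dn(dn):
    """Split a DN into (type, value) pairs, lower-cased because AD DNs are
    case-insensitive. Handles only unescaped commas, which is enough for the
    container DNs used with the AD publisher."""
    rdns = []
    for rdn in dn.split(","):
        attr_type, _, value = rdn.partition("=")
        rdns.append((attr_type.strip().lower(), value.strip().lower()))
    return rdns


def build_crl_dp_url(ca_cn, publisher_base_dn):
    """Compose ldap:///<CN=ca>,<base DN>?attribute?scope?filter with spaces
    percent-encoded, as in the example URL above."""
    dn = f"CN={ca_cn},{publisher_base_dn}"
    return f"ldap:///{quote(dn, safe='=,')}?{CRL_ATTRIBUTE}?base?{CRL_FILTER}"


def check_crl_dp_url(url, publisher_base_dn):
    """Return a list of problems; an empty list means the URL points at a CN
    directly under the publisher base DN and asks for the CRL attribute."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "ldap":
        problems.append(f"scheme is {parts.scheme!r}, expected 'ldap'")
    dn = normalize_dn(unquote(parts.path.lstrip("/")))
    base = normalize_dn(publisher_base_dn)
    if dn[-len(base):] != base:
        problems.append("DN in URL is not under the publisher base DN")
    elif len(dn) != len(base) + 1 or dn[0][0] != "cn":
        problems.append("expected exactly one CN RDN (the CA name) above the base DN")
    fields = parts.query.split("?")
    if fields != [CRL_ATTRIBUTE, "base", CRL_FILTER]:
        problems.append(f"query must be ?{CRL_ATTRIBUTE}?base?{CRL_FILTER}")
    return problems
```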