For your security Mimecast recommends that LDAP Directory Sync be secured using LDAPS. This article covers the Microsoft and Mimecast requirements to enable this.
What are Microsoft requirements to enable Secure LDAP?
- The SSL certificate that you use must be valid for the purpose of Server Authentication.
- The Subject name or the first name that appears in the Subject Alternative Name (SAN) of the SSL certificate you use, must match the Fully Qualified Domain Name (FQDN) of the host machine that you will be installing the certificate on.
What are the Mimecast requirements to use Secure LDAP?
- The SSL certificate that you use must be issued by a Mimecast trusted Certification Authority.
- The SSL certificate that you use must have a key length of at least 1024 bits.
- Your firewall must accept connections from the Mimecast IP range and direct these connections to your Domain Controller.
What if I want to use a Self-Signed certificate?
While this is not recommended Mimecast does offer support for Secure LDAP using a Self-Signed certificate. See the Enabling LDAP Directory Synchronization for Active Directory page for details of how to do this.
What if the key length of my certificate is less than 1024 bits?
While this is not recommended Mimecast does offer support for Secure LDAP using certificates with a key length of less than 1024 bits. Please contact our support teams who can enable this support on your behalf.
Please see this Microsoft article for full guidance on how to set up your Domain Controller to accept Secure LDAP connections.
Once your Domain Controller has Secure LDAP enabled you are ready to set up your Mimecast Directory Sync Connection. Please see this article for guidance.