-
Title
How to configure the Quest On Demand On-Premises Hybrid Agent to use Secure LDAP -
Description
Quest On Demand On-Premises Hybrid Agent version 1.0.0.984 (and higher) adds support for Secure LDAP. During the Quest On Demand On-Premises Hybrid Agent installation, the user is prompted if they would like to use regular LDAP or TLS-encrypted LDAP. However, if this is a pre-existing Hybrid Agent installation that was upgraded, how can the mode be modified?
-
Resolution
Option 1: Install the Hybrid Agent anew and select the desired LDAP option during the installation.
Option 2: Perform the following steps (applies to Hybrid Agent version 1.0.0.984 and higher):
1. Locate the agent.json file under %Installation_Path%\bin\ folder
2. Edit the file with Notepad
3. Add or modify the enableLdaps property and save the file (example of file contents below)
4. Restart the 'Quest On Demand On-Premises Agent' service for the changes to take effectAdditional Information:
LDAP (default) = "enableLdaps":false
Secure LDAP = "enableLdaps":true{"agentId":"000000000-0000-0000-0000-000000000","agentName":"Server1","organization":"000000000-0000-0000-0000-000000000","platform":"Microsoft Windows 10.0.17763","updated":"1800-01-01","version":"0.0.0.000","platformId":"win-x64","isServiceInstallation":true,"enableLdaps":true}
Concepts and items to keep in mind:
1. The Hybrid Agent itself does not make use of LDAP during regular operation. The enableLdaps setting allows the Hybrid Agent to advertise to Actions (e.g. "Collect AD Object Data") installed on the system that they should use Secure LDAP if supported.
2. Secure LDAP settings are global. Once enabled, domain controllers from all domains known to Actions assigned to the Hybrid Agent that support Secure LDAP must be configured to support this method. Domains that do not support Secure LDAP will not be searchable by assigned Actions that respect the Hybrid Agent Secure LDAP configuration setting.
3. Actions assigned to the Hybrid Agent may or may not support Secure LDAP or may require additional/specific configuration from the corresponding On Demand module. Check module documentation for details.4. For more information about Secure LDAP, consult Microsoft documentation: https://learn.microsoft.com/en-us/archive/technet-wiki/2980.ldap-over-ssl-ldaps-certificate