Using LDAP over SSL (LDAPS) ensures that credentials and directory queries exchanged between Devolutions Server and Active Directory are encrypted in transit.
Configure domain controllers to accept LDAPS on port 636.
Avoid using unencrypted LDAP (port 389) except in strictly controlled exception cases.
Install a valid TLS server certificate on each domain controller used for authentication.
See LDAP over SSL (LDAPS) Certificate for more information.
Validate LDAPS connectivity from the Devolutions Server host to ensure proper certificate trust and authentication flow.
Document common errors (e.g., certificate mismatch, expired certificate) and their remediation steps.
If your environment currently uses LDAP in cleartext, identify legacy systems and upgrade them before enforcing LDAPS exclusively.
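One way to carry out the connectivity validation and error triage listed above, run from the Devolutions Server host. This is an added example, not Devolutions code; the function name `Test-LdapsCertificate` and the host `dc01.example.local` are placeholders.

```powershell
# Added example: probe the TLS handshake on LDAPS port 636 and report the
# certificate problems named above (name mismatch, expiry, untrusted chain).
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)][string]$Server,   # FQDN of the domain controller
        [int]$Port = 636
    )
    $script:ldapsPolicy = [System.Net.Security.SslPolicyErrors]::None
    # Diagnostic only: record the validation result, then accept the certificate
    # so it can be inspected. No LDAP bind is attempted, no credentials are sent.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $certificate, $chain, $policyErrors)
        $script:ldapsPolicy = $policyErrors
        return $true
    }
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # The name passed here is what the certificate is matched against.
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $policy = $script:ldapsPolicy
        [pscustomobject]@{
            Server       = $Server
            Subject      = $cert.Subject
            NotBefore    = $cert.NotBefore
            NotAfter     = $cert.NotAfter
            Expired      = ((Get-Date) -gt $cert.NotAfter)
            NameMismatch = $policy.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
            ChainErrors  = $policy.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
            Trusted      = ($policy -eq [System.Net.Security.SslPolicyErrors]::None)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Placeholder host name: use the same name Devolutions Server is configured with.
Test-LdapsCertificate -Server 'dc01.example.local'
```

`Trusted` is true only when the host's own trust store and name check accept the certificate. A connection failure before the handshake surfaces as an exception and points to port 636 being closed or filtered.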
Many regulatory frameworks require encrypted directory communication. Enforcing LDAPS reduces exposure to credential theft, network sniffing, and impersonation attacks.