
# LDAP over SSL (LDAPS)

Using LDAP over SSL (LDAPS) ensures that credentials and directory queries exchanged between Devolutions Server and Active Directory are encrypted in transit.

#### Enable LDAPS

1. Configure domain controllers to accept LDAPS on port 636.
2. Avoid using unencrypted LDAP (port 389) except in strictly controlled exception cases.

#### Certificate requirements

* Install a valid TLS server certificate on each domain controller used for authentication.

{% hint style="info" %}
See [LDAP over SSL (LDAPS) Certificate](https://learn.microsoft.com/en-us/archive/technet-wiki/2980.ldap-over-ssl-ldaps-certificate) for more information.
{% endhint %}

#### Test the configuration

1. Validate LDAPS connectivity from the Devolutions Server host to ensure proper certificate trust and authentication flow.
2. Document common errors (e.g., certificate mismatch, expired certificate) and their remediation steps.
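One way to run the check in step 1 and surface the errors named in step 2, as an added PowerShell example that is not part of the Devolutions documentation. The function name `Test-LdapsEndpoint`, the 30-day warning threshold, and the host name `dc01.example.test` are assumptions made for illustration.

```powershell
# Added example; run from the Devolutions Server host. No credentials are sent.
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)][string]$Server,  # FQDN the server will use for the DC
        [int]$Port = 636,
        [int]$WarnDays = 30                     # assumed renewal-warning threshold
    )
    $state = @{ Errors = $null; Cert = $null }
    # Diagnostic only: let the handshake finish so the certificate can be read,
    # while recording what normal validation would have rejected.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $cert, $chain, $sslErrors)
        $state.Errors = $sslErrors
        $state.Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert)
        $true
    }
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $client.Connect($Server, $Port)
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        try { $ssl.AuthenticateAsClient($Server); $protocol = $ssl.SslProtocol }
        finally { $ssl.Dispose() }
    }
    catch {
        return [pscustomobject]@{ Server = $Server; TlsHandshake = $false; Trusted = $false
                                  Detail = $_.Exception.Message }
    }
    finally { $client.Dispose() }

    $issues = @()
    $errs = [System.Net.Security.SslPolicyErrors]
    if ($state.Errors -band $errs::RemoteCertificateNameMismatch) {
        $issues += "certificate mismatch: '$Server' is not a name on the certificate"
    }
    if ($state.Errors -band $errs::RemoteCertificateChainErrors) {
        $issues += 'chain not trusted by this host (untrusted CA, expired or revoked)'
    }
    $daysLeft = [int]($state.Cert.NotAfter - (Get-Date)).TotalDays
    if ($daysLeft -lt 0) { $issues += 'expired certificate' }
    elseif ($daysLeft -lt $WarnDays) { $issues += "certificate expires in $daysLeft days" }

    [pscustomobject]@{
        Server = $Server; TlsHandshake = $true; Trusted = ($state.Errors -eq 'None')
        Protocol = $protocol; Subject = $state.Cert.Subject
        NotAfter = $state.Cert.NotAfter; Detail = ($issues -join '; ')
    }
}
# Placeholder host name: Test-LdapsEndpoint -Server dc01.example.test
```

Pass the same host name that Devolutions Server is configured to use for the domain, because a name mismatch depends on the name the client asks for. Chain trust is evaluated against the certificate stores visible to the account running the check, so run it under an account comparable to the service's.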

#### Migration planning

* If your environment currently uses LDAP in cleartext, identify legacy systems and upgrade them before enforcing LDAPS exclusively.

#### Compliance and best practices

Many regulatory frameworks require encrypted directory communication. Enforcing LDAPS reduces exposure to credential theft, network sniffing, and impersonation attacks.


