This is assuming you have a Microsoft Self Signed CA.

On your Domain Controller create a certificate request using the instructions provided: http://support.microsoft.com/kb/321051

go to: http://CA_Server-IP/certsrv sign in using a user with authority.

Click “Download a CA certificate, certificate chain, or CRL”

Next Click “Download CA certificate” (I had to use IE on XP because FireFox on ubuntu does not allow you to download, only install)

Save as base64

example (CA-cert.cer)

copy CA-cert.cer to /etc/ssl/certs/

Run c_rehash

edit /etc/ldap/ldap.conf

TLS_CACERT /etc/ssl/certs/CA-cert.cer

TLS_CACERTDIR /etc/ssl/certs

TLS_REQCERT never

apt-get install ldap-utils

run ldapsearch -x -D “user@domain.ca” -b “cn=Users,dc=domain,dc=ca” -H ldaps://win2k3srv.domain.ca -W sAMAccountName=user

If everything is setup properly you will receive you search results. If there is a configuration you will receive the message can not connect to LDAP SERVER.

under Setup > Authentication

Add a server.

name: server name

server: ldaps://<LDAP SERVER IP> (notice the s this is what forces TLS)

LDAP Port: 389 (If you sniff the TLS conversation, you will see it use port 636 on its own)

Base DN: dc=domain,dc=ca

rootdn: cn=user,cn=users,dc=

domain,dc=ca

Pass: user passwd

Login Field: samaccountname

Connection Filter:(objectClass=user)

Use TLS: NO (Make sure you choose NO)