The Secure LDAP service generates a certificate that will act as the primary authentication mechanism for your LDAP clients to authenticate with Secure LDAP. You then need to download the generated certificate, and upload the certificate to your LDAP client. Configuration requires LDAP access credentials only if your LDAP client requires it (for details, see Generate access credentials).
After you finish configuring access permissions and click ADD LDAP CLIENT, the certificate is generated automatically. If there’s an error or delay in the process, you can click Retry, or you can later return to the details page for the LDAP client to try again.
After the certificate is generated, you then need to download the certificate. During the setup steps for your LDAP client, click Download certificate.
You can optionally click CONTINUE TO CLIENT DETAILS and download the certificate from the Client details page at a later time.
Notes:
- Some LDAP clients try to validate the certificate before calling the LDAP server. This validation might fail since our certificates are self-signed by Google.
- If your LDAP client doesn’t support certificates, see Use Stunnel as a proxy.
Next steps
After you download the generated certificate, you'll need to connect the LDAP client to the Secure LDAP service, and then switch the service status to On for the LDAP client.
For your next steps, see 4. Connect LDAP clients to the Secure LDAP service.