Increase the ease and utility of PKI
Integrate your company’s LDAP directory services with Penango
To integrate an organization’s LDAP or directory services with Penango, please contact us and provide the following information:
- The e-mail addresses or e-mail domains of the users.
- The address of the organization’s external LDAP server, if such an Internet-accessible server exists, to allow third parties to search for the certificates of the organization’s users (i.e., to allow people who are not part of the organization to send encrypted e-mails to people in the organization).
- The configuration of the organization’s LDAP server:
  - The address of the organization's LDAP server.
  - If anonymous binding is not available, the credentials to use for searches (unless the clients are all joined to a Windows domain and the LDAP server is Active Directory; in that case, the user's credentials are used automatically and Penango does not need the address of the LDAP server).
  - Port number (default 389).
  - Security configuration: (a) LDAPS = SSL-protected channel, usually on port 646; (b) LDAP with STARTTLS; or (c) LDAP = searches are not protected. (Since we retrieve only certificates, which are public, option (c) does not pose a security threat.)
  - If the organization wishes to restrict the search only to users who have a specific CA certificate already installed in their browser, please provide the SHA-1 or SHA-256 fingerprint of the CA certificate.
  - Base Distinguished Name (or basedn) to use for searches. This is optional, as Penango can automatically discover the available basedn of an LDAP server and can perform the searches on all of the available basedn(s). However, if a basedn is provided, searches are more efficient.
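Added example (not Penango's code): computing the SHA-1 or SHA-256 fingerprint of a CA certificate, as requested in the list above. A certificate fingerprint is the hash of the DER encoding, not of the PEM text, and tools differ in case and separators, so the sketch accepts either file format and normalizes before comparing. The sample bytes and all function names are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed stand-in for a DER-encoded CA certificate. These bytes are NOT a
# real certificate; the fingerprint is a plain hash over the DER bytes, so any
# byte string shows the mechanics.
SAMPLE_DER = bytes.fromhex("3082000a") + b"constructed-sample-ca-certificate" * 3

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor (base64 in 64-column lines)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def load_der(data: bytes) -> bytes:
    """Return the DER bytes from the contents of a PEM or DER file."""
    match = PEM_RE.search(data.decode("latin-1"))
    if match:
        # PEM: drop the armor and line breaks, then base64-decode the body.
        return base64.b64decode("".join(match.group(1).split()))
    return data  # no PEM armor found, so treat the input as DER already


def fingerprint(data: bytes, algo: str = "sha256") -> str:
    """Colon-separated upper-case fingerprint of a certificate file."""
    if algo not in ("sha1", "sha256"):
        raise ValueError("fingerprint must be sha1 or sha256")
    digest = hashlib.new(algo, load_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Strip colons and whitespace and lower-case, so formats compare equal."""
    return re.sub(r"[\s:]", "", fp).lower()


def same_fingerprint(a: str, b: str) -> bool:
    return normalize(a) == normalize(b)


if __name__ == "__main__":
    pem = to_pem(SAMPLE_DER).encode("ascii")
    print("SHA-1:  ", fingerprint(pem, "sha1"))
    print("SHA-256:", fingerprint(pem, "sha256"))
```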