Using the LDAP over SSL (LDAPS) protocol in the LastPass Universal Proxy setup
In a secure network setup, the server side makes sure that the connection being established is encrypted. Universal Proxy offers the LDAP over SSL encryption mechanism. Acting as an SSL server, Universal Proxy needs to have a signed certificate and a corresponding private key. The certificate validates the identity of the sender. The client, which receives the certificate, checks whether the certificate sent by the server is trusted (that is, signed by a trusted Certificate Authority (CA)).
The following figure shows how Universal Proxy acts in the SSL communication:
Figure 1. Universal Proxy - SSL Communication
We assume that the VPN server and the Active Directory are already prepared to communicate with the LDAPS protocol. In the setup described previously, Universal Proxy acts as a server in certain aspects of the secure communication and acts as a client in others. Acting as a server, it provides a secure connection to the VPN server. Acting as a client, it also needs to make sure that the Active Directory can be trusted.
Universal Proxy uses the Transport Layer Security (TLS) Protocol version 1.2 to provide privacy and data integrity between the communicating applications.
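The client-side trust check described above can be reproduced against either LDAPS listener (the Universal Proxy, as the VPN server sees it, or the Active Directory, as the proxy sees it). The following Python sketch is an added example, not LastPass code; the host names, the CA file and the use of port 636 (the conventional LDAPS port) are assumptions for illustration.

```python
import socket
import ssl

# Constructed sample in the format returned by SSLSocket.getpeercert(),
# so summarize() can be exercised without a network connection.
SAMPLE_CERT = {
    "subject": ((("commonName", "uproxy.example.internal"),),),
    "issuer": ((("organizationName", "Example Corp"),),
               (("commonName", "Example Internal CA"),)),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "uproxy.example.internal"),),
}


def ldaps_client_context(ca_file=None):
    """Client context: require a CA-signed, name-matching cert over TLS 1.2 only."""
    # create_default_context enables CERT_REQUIRED and hostname checking.
    # ca_file=None uses the system trust store; pass the internal CA bundle otherwise.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def _name(rdns):
    """Flatten the nested RDN tuples of a subject/issuer into a dict."""
    return {key: value for rdn in rdns for key, value in rdn}


def summarize(cert, version):
    """Reduce a verified peer certificate to the fields worth reviewing."""
    return {
        "tls_version": version,
        "subject_cn": _name(cert.get("subject", ())).get("commonName"),
        "issuer_cn": _name(cert.get("issuer", ())).get("commonName"),
        "not_after": cert.get("notAfter"),
        "san": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
    }


def probe_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Handshake with an LDAPS listener and report what it presented.

    Raises ssl.SSLCertVerificationError if the certificate is not signed by a
    trusted CA or does not match host, and ssl.SSLError if TLS 1.2 is refused.
    """
    ctx = ldaps_client_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return summarize(tls.getpeercert(), tls.version())


if __name__ == "__main__":
    print(summarize(SAMPLE_CERT, "TLSv1.2"))
```

Calling `probe_ldaps("uproxy.example.internal", ca_file="internal-ca.pem")` with your own host name and CA bundle either returns the summary or raises, which makes it usable as a pre-deployment check for both sides of the proxy.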