
RE: ldaps and Active Directory



Have you got TLS_REQCERT allow in /etc/openldap/ldap.conf?

Gareth Ansell
UNIX Team
Infrastructure
Computing Services
Coventry University
024 7688 8641  

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org 
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of 
> Grant Sturgis
> Sent: 08 December 2005 23:59
> To: schang@axalto.com; OpenLDAP-software@OpenLDAP.org
> Subject: Re: ldaps and Active Directory
> 
> 
> 
> 
> >From: Shuh Chang <schang@axalto.com>
> >To: Grant Sturgis <gesturgis@hotmail.com>, OpenLDAP-software@OpenLDAP.org
> >Subject: Re: ldaps and Active Directory
> >Date: Thu, 08 Dec 2005 16:24:01 -0600
> >
> >Hi Grant,
> >
> >Did you change your LDAP port from 389 (clear text connection) to 636 (SSL
> >connection)?
> 
> Shouldn't this happen automatically based on the ldaps in the URI?
> 
> How else would I change this?
> 
> >
> >Shuh
> 
> Thanks Shuh!
> 
> Grant
> ------------
> >
> >----- Original Message ----- From: "Grant Sturgis" <gesturgis@hotmail.com>
> >To: <OpenLDAP-software@OpenLDAP.org>
> >Sent: Thursday, December 08, 2005 2:26 PM
> >Subject: ldaps and Active Directory
> >
> >
> >>Greetings List,
> >>
> >>I am attempting to get ldap authentication to Active Directory working
> >>from our RHEL 4 systems.  I have read the several articles and howto
> >>documents out there and am very close to getting everything working.
> >>
> >>pam_ldap and nss_ldap are working well with unencrypted ldap, as are
> >>ldapsearch queries.  The next step is getting ldaps to work, and I am
> >>hoping for some suggestions from the list to get me over the hump.
> >>
> >>RHEL ES 4 fully patched (up2date)
> >>W2K SP4
> >>
> >>This works fine:
> >>
> >>ldapsearch -x -H ldap://server.domain.com/ -D cn=ldap,ou=Users-OU,dc=domain,dc=com -W ""
> >>
> >>but changing ldap to ldaps results in this error:
> >>
> >>ldap_bind: Can't contact LDAP server (-1)
> >>        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> >>
> >>
> >>I have installed Certificate Services on the W2K domain controller and
> >>exported the CA Cert and copied the file to the linux box:
> >>/etc/openldap/cacerts.  In /etc/openldap/ldap.conf I have tried:
> >>
> >>TLS_CACERTDIR /etc/openldap/cacerts
> >>TLS_CACERT /etc/openldap/cacerts/cacert.pem
> >>
> >>Any suggestions would be greatly appreciated.
> >>
> >>Grant
> >>------------------
> >
>
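
Editor's note on the thread above, with an added example (mine, not the list's or the OpenLDAP project's). Two facts worth pinning down for anyone hitting this error: an ldaps:// URI does select port 636 on its own, so the "-1 / certificate verify failed" result means the TLS handshake reached the DC and the client could not chain the DC's certificate to a CA it trusts. TLS_REQCERT allow, as suggested in the reply at the top, makes that error disappear by telling the client to carry on without a verified certificate, which also means a host impersonating the DC on 636 would be accepted; the fix a practitioner wants is a PEM copy of the CA certificate in TLS_CACERT with TLS_REQCERT left at demand. Two common trip-ups: Certificate Services exports the CA certificate as DER (.cer) and the OpenLDAP client needs PEM; and TLS_CACERTDIR only works after the directory has been c_rehash'ed, so a single TLS_CACERT file is simpler. Note also that on RHEL the PADL pam_ldap/nss_ldap modules read /etc/ldap.conf (tls_cacertfile, tls_checkpeer yes), not /etc/openldap/ldap.conf, which only ldapsearch uses. The script below is constructed for this note: the two configs are sample data modelled on the thread, and audit_ldap_conf, prepare_cacert and verify_dc_cert are hypothetical helper names. The audit runs offline; the two openssl helpers are defined but need a real CA file and a reachable DC.

```shell
#!/bin/sh
# Added example, not from the thread or the OpenLDAP project. Function names
# (audit_ldap_conf, prepare_cacert, verify_dc_cert) are hypothetical helpers;
# the two config strings are constructed to mirror the setup in the thread.

# Weak: TLS_REQCERT allow lets the bind proceed even when the server
# certificate cannot be verified. The "certificate verify failed" error goes
# away, but a host spoofing the DC on port 636 would be accepted too.
WEAK_CONF='URI ldaps://server.domain.com/
BASE dc=domain,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow'

# Corrected: keep verification on (demand is also the default) and point
# TLS_CACERT at the PEM-encoded CA certificate that issued the DC's cert.
GOOD_CONF='URI ldaps://server.domain.com/
BASE dc=domain,dc=com
TLS_CACERT /etc/openldap/cacerts/cacert.pem
TLS_REQCERT demand'

# audit_ldap_conf: read an ldap.conf on stdin, print one finding per line and
# return 0 only if the config actually verifies the server certificate.
audit_ldap_conf() {
    conf=$(cat)
    rc=0
    # Unset TLS_REQCERT means demand; never/allow/try all continue unverified.
    reqcert=$(printf '%s\n' "$conf" |
        awk 'toupper($1)=="TLS_REQCERT"{v=tolower($2)} END{print (v=="" ? "demand" : v)}')
    case "$reqcert" in
        demand|hard)
            echo "ok: TLS_REQCERT $reqcert (server certificate is verified)" ;;
        *)
            echo "WEAK: TLS_REQCERT $reqcert skips certificate verification"
            rc=1 ;;
    esac
    # Without a trusted CA there is nothing to verify against and every
    # ldaps bind fails with the -1 / verify-failed error from the thread.
    cacert=$(printf '%s\n' "$conf" | awk 'toupper($1)=="TLS_CACERT"{print $2}')
    cacertdir=$(printf '%s\n' "$conf" | awk 'toupper($1)=="TLS_CACERTDIR"{print $2}')
    if [ -z "$cacert" ] && [ -z "$cacertdir" ]; then
        echo "WEAK: no TLS_CACERT or TLS_CACERTDIR, verification can never succeed"
        rc=1
    elif [ -z "$cacert" ]; then
        # TLS_CACERTDIR only works once the directory holds hash-named links
        # (openssl c_rehash); a single TLS_CACERT file avoids that step.
        echo "note: TLS_CACERTDIR set, make sure the directory has been c_rehash'ed"
    fi
    return $rc
}

# prepare_cacert: Certificate Services usually exports the CA cert as DER
# (.cer); the OpenLDAP client wants PEM. Not run here (needs openssl + file).
prepare_cacert() {
    openssl x509 -inform DER -in "$1" -out "$2"
}

# verify_dc_cert: check what the DC presents on 636 against the CA file;
# "Verify return code: 0 (ok)" means ldaps with TLS_REQCERT demand will work.
# Not run here (needs network access to the DC).
verify_dc_cert() {
    openssl s_client -connect "$1:636" -CAfile "$2" </dev/null
}

echo "--- weak config ---"
printf '%s\n' "$WEAK_CONF" | audit_ldap_conf || true
echo "--- corrected config ---"
printf '%s\n' "$GOOD_CONF" | audit_ldap_conf
```

Typical use against a real box: `audit_ldap_conf < /etc/openldap/ldap.conf`, then `prepare_cacert cacert.cer /etc/openldap/cacerts/cacert.pem` and `verify_dc_cert server.domain.com /etc/openldap/cacerts/cacert.pem` to confirm the chain before retrying the ldapsearch over ldaps://.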