
Re: authentication problem



Mohammad D wrote:
> I could finally configure Active Directory server to allow anonymous LDAP
> searches.

You should not do that. At least you should not assume that an AD admin is
willing to allow that. You should bind as any user who can read the
configuration partition.

> the CRL Distribution Point given in the certificates issued by this
> server is :
> ldap:///CN=test,CN=testca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mohamad,DC=ir?certificateRevocationList?base?objectClass=cRLDistributionPoint

Is this a running CA? Details about how MS Certificate Services work with MS
AD are best asked in Microsoft forums.

> I did the following search on Ubuntu:
> ldapsearch -x -h 192.168.81.129 -b "CN=test,CN=testca,CN=CDP,CN=
> Public Key Services,CN=Services,CN=Configuration,DC=mohamad,DC=ir" "(objectClass=cRLDistributionPoint)" certificateRevocationList
> 
> it returns:
> [..]
> result: 32 No such object

Which means the entry specified with -b does not exist.

> BTW only the second link works but it's German and I don't know German.
> 
> 2011/5/16 Michael Ströder <michael@stroeder.com <mailto:michael@stroeder.com>>
>     There is also
>     ldap.signtrust.de <http://ldap.signtrust.de>
>     directory.d-trust.de <http://directory.d-trust.de>

That's what your mail reader automagically turned my text into. But these were
meant just as the *hostnames*, not HTTP URLs, of LDAP servers listening on port 389.

ldap://ldap.signtrust.de
ldap://directory.d-trust.de

Sorry, I can't help you any further at that detailed level.

Ciao, Michael.