[Date Prev][Date Next]
Re: TLS with Active Directory
--On Tuesday, March 23, 2004 10:17 AM +1100 Matthew Smith <firstname.lastname@example.org>
I am trying to access active directory and modify entries with open-ldap,
but am having no luck. I've looked at the archives, and can see that
people have done this in the past.
I can connect to the AD on port 389, and I can see the entries correctly,
but when I try to connect on port 636, I am denied. I need the secure
connection to get AD to allow me to add users, and change passwords.
My active directory server is a windows 2000 server machine with all the
latest updates installed. I have installed a certificate authority on the
server, so it can serve certificates to the domain, but this has drawn a
blank as well (open ldap won't connect and openssl s_client says the
certificate is not trusted)
Can anyone point me to a step by step guide to setting up AD correctly or
can guide me through this?
It sounds more like you haven't told OpenLDAP to trust the AD server's CA.
You might want to look at 'man ldap.conf' and pay particular attention to
the TLS_CACERT directive.
You can also give a -d -1 option to the OpenLDAP binary you are using to
connect to AD with to see what it says.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html