Re: TLS with Active Directory

--On Tuesday, March 23, 2004 10:17 AM +1100 Matthew Smith <mps@getbusi.com> wrote:

I am trying to access active directory and modify entries with open-ldap,
but am having no luck. I've looked at the archives, and can see that
people have done this in the past.

I can connect to the AD on port 389, and I can see the entries correctly,
but when I try to connect on port 636, I am denied. I need the secure
connection to get AD to allow me to add users, and change passwords.

My active directory server is a windows 2000 server machine with all the
latest updates installed. I have installed a certificate authority on the
server, so it can serve certificates to the domain, but this has drawn a
blank as well (open ldap won't connect and openssl s_client says the
certificate is not trusted)

Can anyone point me to a step by step guide to setting up AD correctly or
can guide me through this?

It sounds more like you haven't told OpenLDAP to trust the AD server's CA. You might want to look at 'man ldap.conf' and pay particular attention to the TLS_CACERT directive.

You can also give a -d -1 option to the OpenLDAP binary you are using to connect to AD with to see what it says.
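As an added illustration of the advice above (not part of either poster's message): a client ldap.conf that trusts the AD CA via TLS_CACERT, with the tempting "just turn verification off" setting shown alongside it, plus a small check that flags that weak setting. The CA file path, the DC hostname and the base DN are placeholders; the AD CA certificate is assumed to have been exported in Base-64 (PEM) form.

```shell
#!/bin/sh
# Example only; hostname, paths and base DN below are placeholders.
AD_CA=${AD_CA:-/etc/openldap/ad-ca.pem}      # exported AD CA, PEM format
DC_HOST=${DC_HOST:-dc1.example.com}          # placeholder domain controller
BASE_DN=${BASE_DN:-dc=example,dc=com}        # placeholder base DN

# Weak workaround (do NOT use): disables verification of the DC's certificate,
# so any host answering on 636 is accepted:
#   TLS_REQCERT never
#
# Corrected: pin the AD CA and insist that the DC's certificate chains to it.
write_ldap_conf() {
  cat > "$1" <<EOF
URI ldaps://$DC_HOST:636
BASE $BASE_DN
TLS_CACERT $AD_CA
TLS_REQCERT demand
EOF
}

# Returns 0 if the config names a CA file and does not switch verification
# off with TLS_REQCERT never/allow; 1 otherwise.
check_ldap_conf() {
  grep -qE '^TLS_CACERT[[:space:]]+[^[:space:]]' "$1" || return 1
  if grep -qiE '^TLS_REQCERT[[:space:]]+(never|allow)' "$1"; then
    return 1
  fi
  return 0
}

# The debug run the thread suggests: -d -1 prints the TLS handshake and any
# certificate verification failure. Not invoked here (needs a live DC).
probe_ad() {
  ldapsearch -d -1 -x -H "ldaps://$DC_HOST:636" -b "$BASE_DN" -s base '(objectClass=*)' dn
}
```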
