Re: ldaps and Active Directory

["Grant Sturgis" <gesturgis@hotmail.com>]

> From: Shuh Chang <schang@axalto.com>
> To: Grant Sturgis <gesturgis@hotmail.com>,OpenLDAP-software@OpenLDAP.org
> Subject: Re: ldaps and Active Directory
> Date: Thu, 08 Dec 2005 16:24:01 -0600
>
> Hi Grant,
>
> Did you change your LDAP port from 389 (clear text connection) to 636 (SSL
> connection)?

Shouldn't this happen automatically based on the ldaps in the URI?

How else would I change this?

> Shuh

Thanks Shuh!

Grant
------------
> ----- Original Message ----- From: "Grant Sturgis" <gesturgis@hotmail.com>
> To: <OpenLDAP-software@OpenLDAP.org>
> Sent: Thursday, December 08, 2005 2:26 PM
> Subject: ldaps and Active Directory
>
>
> > Greetings List,
> >
> > I am attempting to get ldap authentication to Active Directory working 
> > from our RHEL 4 systems.  I have read the several articles and howto 
> > documents out there and am very close to getting everything working.
> >
> > pam_ldap and nss_ldap is working well with unencrypted ldap, as is 
> > ldapsearch queries.  The next step is getting ldaps to work, and I am 
> > hoping for some suggestions from the list to get me over the hump.
> >
> > RHEL ES 4 fully patched (up2date)
> > W2K SP4
> >
> > This works fine:
> >
> > ldapsearch -x -H ldap://server.domain.com/ -D 
> > cn=ldap,ou=Users-OU,dc=domain,dc=com -W ""
> >
> > but changing ldap to ldaps results in this error:
> >
> > ldap_bind: Can't contact LDAP server (-1)
> >        additional info: error:14090086:SSL 
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> >
> >
> > I have installed Certificate Services on the W2K domain controller and 
> > exported the CA Cert and copied the file to the linux 
> > box:/etc/openldap/cacerts.  In /etc/openldap/ldap.conf I have tried:
> >
> > TLS_CACERTDIR /etc/openldap/cacerts
> > TLS_CACERT /etc/openldap/cacerts/cacert.pem
> >
> > Any suggestions would be greatly appreciated.
> >
> > Grant
> > ------------------