Re: ldaps and Active Directory
From: Shuh Chang <firstname.lastname@example.org>
To: Grant Sturgis <email@example.com>,OpenLDAP-software@OpenLDAP.org
Subject: Re: ldaps and Active Directory
Date: Thu, 08 Dec 2005 16:24:01 -0600
Did you change your LDAP port from 389 (clear text connection) to 636 (SSL
Shouldn't this happen automatically based on the ldaps in the URI?
How else would I change this?
----- Original Message -----
From: "Grant Sturgis" <firstname.lastname@example.org>
Sent: Thursday, December 08, 2005 2:26 PM
Subject: ldaps and Active Directory
I am attempting to get ldap authentication to Active Directory working
from our RHEL 4 systems. I have read the several articles and howto
documents out there and am very close to getting everything working.
pam_ldap and nss_ldap are working well with unencrypted ldap, as are
ldapsearch queries. The next step is getting ldaps to work, and I am
hoping for some suggestions from the list to get me over the hump.
RHEL ES 4 fully patched (up2date)
This works fine:
ldapsearch -x -H ldap://server.domain.com/ -D cn=ldap,ou=Users-OU,dc=domain,dc=com -W ""
but changing ldap to ldaps results in this error:
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I have installed Certificate Services on the W2K domain controller and
exported the CA Cert and copied the file to the linux
box: /etc/openldap/cacerts. In /etc/openldap/ldap.conf I have tried:
Any suggestions would be greatly appreciated.
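An added example, not code from either message in this thread: a small POSIX shell check for the pieces the original post mentions, namely that the CA certificate exported from the Windows CA is in PEM form (Certificate Services commonly exports DER, which OpenLDAP's TLS_CACERT will not load), that the TLS_CACERT line in /etc/openldap/ldap.conf points at a readable PEM file, and that TLS_REQCERT has not been loosened to make the verify error disappear. File paths are assumptions and the DER bytes used in testing are constructed; no server is contacted.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the CA file that ldap.conf points
# at: "certificate verify failed" usually means the client never loaded a
# usable CA certificate. File paths are assumptions; no server is contacted.

# Print pem, der, missing or unknown for a certificate file. Windows
# Certificate Services commonly exports DER (.cer); TLS_CACERT needs PEM.
cert_format() {
    f=$1
    [ -s "$f" ] || { echo missing; return 1; }
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
        echo pem
    elif [ "$(head -c 1 "$f" | od -An -tx1 | tr -d ' \n')" = 30 ]; then
        echo der    # 0x30 = ASN.1 SEQUENCE tag that starts a DER certificate
    else
        echo unknown; return 1
    fi
}

# Wrap DER bytes as PEM (equivalent to: openssl x509 -inform der -in A -out B).
der_to_pem() {
    {
        echo '-----BEGIN CERTIFICATE-----'
        printf '%s\n' "$(base64 < "$1" | tr -d '\n' | fold -w 64)"
        echo '-----END CERTIFICATE-----'
    } > "$2"
}

# Validate the TLS_* lines of an ldap.conf: TLS_CACERT must name an existing
# PEM file, and TLS_REQCERT must not be "never" or "allow", which would make
# the error go away by skipping server verification rather than fixing it.
check_ldap_conf() {
    conf=$1; rc=0
    ca=$(awk 'toupper($1)=="TLS_CACERT"{print $2}' "$conf")
    req=$(awk 'toupper($1)=="TLS_REQCERT"{print tolower($2)}' "$conf")
    if [ -z "$ca" ]; then
        echo "no TLS_CACERT line in $conf"; rc=1
    elif [ "$(cert_format "$ca")" != pem ]; then
        echo "TLS_CACERT $ca is not a readable PEM file"; rc=1
    fi
    case "$req" in
        never|allow) echo "TLS_REQCERT $req disables certificate checking"; rc=1 ;;
    esac
    return $rc
}
```

Run it as `. ./ldapcheck.sh; check_ldap_conf /etc/openldap/ldap.conf` (assumed file name); a DER export can be fixed in place with `der_to_pem ca.cer /etc/openldap/cacerts/ca.pem` and TLS_CACERT pointed at the .pem file.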