Ahoj, TLS [1] is not something different than SSL [2], it is only new (and standard) name for the same thing. TLS v1 (latest is v1.2) is technically the same as SSL v3, and only slightly differs in some details. The SSL v3 (SSL at all) is deprecated now due security.
Using ldap:// schema uses (not secured) standard LDAP port. If TLS is enabled, it uses StartTLS to initialize encrypted connection after connecting the server without encryption. Using ldaps:// schema uses LDAP+TLS (LDAP over SSL/TLS), i.e. TLS is used to connect the server from start. I am not AD expert (i never used it), but do you mean that the AD doesn't support StartTLS and explicit LDAP+SSL/TLS must be used? [3] [1] https://www.ietf.org/rfc/rfc2246.txt [2] https://tools.ietf.org/html/rfc6101 [3] http://www.openldap.org/faq/data/cache/185.html regards Dňa Wed, 07 Sep 2016 18:53:28 +0200 Roland Gruber <[email protected]> napísal: > Hi Javier, > > Active Directory uses LDAP+SSL instead of TLS. So you need to disable > TLS and prefix the server name with ldaps://. E.g. use > ldaps://ldap.example.com in your LAM server profile. > > See also here: > > https://www.ldap-account-manager.org/static/doc/manual/apbs03.html > > Best regards > Roland > > > Am 7. September 2016 17:35:26 MESZ, schrieb Javier Alfonso Valdes > <[email protected]>: > >I succesfully connected LAM to my Active directory, I can see > >everything i need, but I can't modify any atributes, digging a > >little, i found that my connection was insecure, so I tried to > >configure TLS for the connection, everything looks fine, but when i > >trie to log in I get the message: LDAP ERROR 0c090f78 Error > >Initializing ssl/tls. > > > >Any ideas on how to proceed? > > > >Thanks > > > > > > > >PS: I already installed an autosigned cert in both my active > >directory and web server. > > > > > >------------------------------------------------------------------------ > > > >------------------------------------------------------------------------------ > > > > > >------------------------------------------------------------------------ > > > >_______________________________________________ > >Lam-public mailing list > >[email protected] > >https://lists.sourceforge.net/lists/listinfo/lam-public > -- Slavko http://slavino.sk
pgpBMfJA9Ad1V.pgp
Description: Digitálny podpis OpenPGP
------------------------------------------------------------------------------
_______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
