Hi,

Just a recap for newbies like me: I finally got it done by importing the client cert with private key (in pfx) back to the NTDS\Personal cert. store using the AD Domain Services account.

Thanks for your help :)

Jan

From: Sébastien Bahloul <[email protected]>
To: Jan Leung <[email protected]>
Cc: "[email protected]" <[email protected]>
Date: 10/08/2016 06:04 PM
Subject: Re: [lsc-users] AD Connection reset

Hi Jan,

It seems that your AD is misconfigured and does not support LDAPS. Can you look at the Microsoft documentation and forums? You can then check with any other LDAP GUI like Apache Directory Studio to ensure your AD settings are correct.

Regards

On Friday 7 October 2016, Jan Leung <[email protected]> wrote:

Hi all,

I ran into a problem connecting LSC to my AD: it showed connection reset, while the event viewer of the domain controller showed "The SSL server credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure."

I followed the instructions on http://lsc-project.org/wiki/documentation/tutorial/openldaptoactivedirectory , built a CA on the domain controller, generated a certificate, exported it to X.509 CER, then imported it into the Java keystore on the LSC machine, and also tested that the domain controller is listening on port 636.

Below is the error:

    Oct 07 11:50:29 - INFO - Connecting to LDAP server ldaps://test-dc.example.com:636/dc=example,dc=com as cn=ldapadmin,dc=Users,dc=example,dc=com
    Oct 07 11:50:30 - ERROR - Error opening the LDAP connection to the destination! (javax.naming.CommunicationException: simple bind failed: test-dc.example.com:636 [Root exception is java.net.SocketException: Connection reset])
    Oct 07 11:50:30 - ERROR - org.lsc.exception.LscConfigurationException: Configuration exception: javax.naming.CommunicationException: simple bind failed: test-dc.example.com:636 [Root exception is java.net.SocketException: Connection reset]

Config:

    <ldapConnection>
      <name>AD</name>
      <url>ldaps://test-dc.example.com:636/dc=example,dc=com</url>
      <username>cn=ldapadmin,dc=Users,dc=example,dc=com</username>
      <password>XXX</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>

Any idea? Thanks so much.

Jan

NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

--
Sebastien BAHLOUL

