From: Shuh Chang <[EMAIL PROTECTED]>
To: Grant Sturgis <[EMAIL PROTECTED]>,[email protected]
Subject: Re: ldaps and Active Directory
Date: Thu, 08 Dec 2005 16:24:01 -0600
Hi Grant,
Did you change your LDAP port from 389 (clear text connection) to 636 (SSL
connection)?
Shouldn't this happen automatically based on the ldaps in the URI?
How else would I change this?
Shuh
Thanks Shuh!
Grant
------------
----- Original Message ----- From: "Grant Sturgis" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, December 08, 2005 2:26 PM
Subject: ldaps and Active Directory
Greetings List,
I am attempting to get ldap authentication to Active Directory working
from our RHEL 4 systems. I have read the several articles and howto
documents out there and am very close to getting everything working.
pam_ldap and nss_ldap are working well with unencrypted ldap, as are
ldapsearch queries. The next step is getting ldaps to work, and I am
hoping for some suggestions from the list to get me over the hump.
RHEL ES 4 fully patched (up2date)
W2K SP4
This works fine:
ldapsearch -x -H ldap://server.domain.com/ -D cn=ldap,ou=Users-OU,dc=domain,dc=com -W ""
but changing ldap to ldaps results in this error:
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I have installed Certificate Services on the W2K domain controller and
exported the CA Cert and copied the file to the linux
box: /etc/openldap/cacerts. In /etc/openldap/ldap.conf I have tried:
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/cacert.pem
Any suggestions would be greatly appreciated.
Grant
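Two things worth checking before touching the TLS_CACERT setting: Windows Certificate Services exports the CA certificate in binary DER format by default, while OpenLDAP's TLS_CACERT expects PEM, and a DER file silently loads nothing, which produces exactly the "certificate verify failed" bind error. The script below is an added example (not from the thread or from OpenLDAP) that converts the exported file to PEM if needed and then performs the same chain and hostname verification against the AD server that ldapsearch would; the host name server.domain.com and the file paths are the ones from the post, and port 636 is assumed.

```python
import socket
import ssl
import sys

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def normalize_ca_to_pem(raw: bytes) -> str:
    """Return the CA certificate as PEM text.

    A DER-encoded certificate starts with the ASN.1 SEQUENCE tag (0x30);
    a PEM file starts with the textual header. Anything else is not a
    certificate at all (e.g. a PKCS#7 or .p12 bundle exported by mistake).
    """
    if raw.lstrip().startswith(PEM_HEADER):
        return raw.decode("ascii")
    if raw[:1] == b"\x30":
        # Same transformation c_rehash/openssl x509 -inform DER would do.
        return ssl.DER_cert_to_PEM_cert(raw)
    raise ValueError("file is neither a PEM nor a DER X.509 certificate")


def verify_ldaps(host: str, cafile: str, port: int = 636) -> dict:
    """Open a TLS connection the way ldapsearch -H ldaps:// does and
    verify the server chain against cafile, including the hostname.
    Returns the server's certificate on success; raises ssl.SSLError
    with the same class of failure OpenLDAP would report otherwise."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Paths from the post; assumed usage: convert, then verify.
    src = "/etc/openldap/cacerts/cacert.pem"
    with open(src, "rb") as fh:
        pem = normalize_ca_to_pem(fh.read())
    with open(src, "w") as fh:
        fh.write(pem)
    cert = verify_ldaps("server.domain.com", src)
    print("chain OK, server cert subject:", cert.get("subject"))
    sys.exit(0)
```

If TLS_CACERTDIR is used instead of TLS_CACERT, OpenLDAP only finds certificates in that directory that are named (or symlinked) by subject hash, so run c_rehash on the directory or test with the single-file TLS_CACERT setting first.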