Hi everyone,
I had a working LDAP over SSL connection to an AD server from my GNU/Linux box
for about a year when suddenly it stopped working. Perl scripts to manage
users' data (including passwords), PAM modules (nss_ldap), glibc's getent -
all stopped working at the same time. What to do? I disabled SSL in all
configs. Now pure LDAP works fine, but it doesn't allow me to manage the
passwords. So it seems that the problem is on the AD side.
I can connect using telnet to both 389 and 636 ports of the machine where the
AD is installed. But when I try it with perl:
[clip]
#!/usr/bin/perl
use Net::LDAPS;
use strict;
my $ldaps = new Net::LDAPS('ldaps://AD_SERVER') || die "$@";
print "ldaps = $ldaps\n";
[/clip]
I get: "IO::Socket::SSL: Timeout at test.pl line 6, <DATA> line 225." If the
"ldaps:" protocol is changed to "ldap", I get the HASH.
So the AD's admin checked the certificates and said they were not expired. I
still think it's somehow connected to certificates. I do not remember now how
we set the SSL connection up then. But is there another way to check
certs?
So if someone could help, I'd appreciate it. What is the general procedure for
setting up the SSL connection in my case? Is it that I first create the
certificate on a GNU/Linux box and then export it to AD?
TIA,
--
[EMAIL PROTECTED]
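
The symptom in the post is that telnet reaches port 636 but the SSL handshake times out, so the added example below (not part of the original post, and written in Python rather than the post's Perl) names the first stage of an LDAPS connection that fails: TCP connect, TLS handshake, or certificate verification. The names `probe_ldaps` and `_handshake` and the optional `cafile` argument (a PEM file holding the AD CA certificate) are assumptions made for this example.

```python
import socket
import ssl


def _handshake(host, port, timeout, ctx):
    """TCP-connect, then TLS-handshake; return (stage, detail, der_cert)."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:                       # refused, unreachable, filtered
        return ("tcp_connect", repr(exc), None)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", tls.version(), tls.getpeercert(binary_form=True))
    except ssl.SSLCertVerificationError as exc:  # expired, untrusted CA, bad name
        return ("cert_verify", exc.verify_message, None)
    except socket.timeout as exc:                # port open, but no TLS reply
        return ("tls_timeout", repr(exc), None)
    except OSError as exc:                       # protocol mismatch, reset, ...
        return ("tls_error", repr(exc), None)
    finally:
        raw.close()                              # no-op once wrap_socket took over


def probe_ldaps(host, port=636, timeout=10.0, cafile=None):
    """Name the first failing stage of an LDAPS connection to host:port."""
    # Pass 1: verification off, so that even an expired or untrusted
    # certificate is retrieved and can be inspected afterwards.
    loose = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    loose.check_hostname = False
    loose.verify_mode = ssl.CERT_NONE
    stage, detail, der = _handshake(host, port, timeout, loose)
    if stage != "ok":
        return {"stage": stage, "detail": detail, "pem": None}
    pem = ssl.DER_cert_to_PEM_cert(der)
    # Pass 2: verification on, against the system CAs or the CA in cafile.
    strict = ssl.create_default_context(cafile=cafile)
    stage, detail, _ = _handshake(host, port, timeout, strict)
    return {"stage": stage, "detail": detail, "pem": pem}


if __name__ == "__main__":
    import sys
    print(probe_ldaps(sys.argv[1]))
```

A `tls_timeout` result reproduces the post's symptom and means the server never answered the handshake, so no certificate was presented at all. When the handshake succeeds, the returned `pem` can be saved to a file and its validity dates read with `openssl x509 -noout -dates -in FILE`.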