Re: Active Directory Authentication with TLS
On Tue, Jan 17, 2012 at 21:09, Brad Hards wrote:
> On Wednesday 18 January 2012 02:08:50 Thilo-Alexander Ginkel wrote:
>> When disabling TLS, everything works like expected.
> Are you just enabling / disabling TLS?

Yes.

>> Any ideas? Do I need to register the AD DC's CA certificate as trusted
>> root somewhere?
> Check you're using the right port for your AD configuration (perhaps 636 or
> 3269 depending on whether you're trying to talk to the GC or not).

According to tcpdump Review Board uses port 389 (ldap) to connect to the AD if TLS is enabled. I verified using another LDAP client that the AD server supports StartTLS on port 389 and ldaps on port 636. AFAICS, there is no way to change the port from the RB admin interface.

Is there anything obvious that I am missing?

Thanks,
Thilo

--
Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en

Re: Active Directory Authentication with TLS
On Wednesday 18 January 2012 02:08:50 Thilo-Alexander Ginkel wrote:
> When disabling TLS, everything works like expected.

Are you just enabling / disabling TLS?

> Any ideas? Do I need to register the AD DC's CA certificate as trusted
> root somewhere?

Check you're using the right port for your AD configuration (perhaps 636 or 3269 depending on whether you're trying to talk to the GC or not).

HTH

Brad

Active Directory Authentication with TLS
Hi there,

we are currently trying to switch Review Board from the Standard Registration mechanism to Active Directory Authentication. Unfortunately, this only seems to work as long as TLS is not enabled.

The Domain Controller seems to support TLS and according to tcpdump I can see some data being exchanged that could be a TLS handshake. Unfortunately, the authentication fails after hitting a timeout while the log output is not too helpful:

-- 8< --
2012-01-17 15:44:23,662 - WARNING - Active Directory: Failed login for user xyz
-- 8< --

When disabling TLS, everything works like expected.

Any ideas? Do I need to register the AD DC's CA certificate as trusted root somewhere?

Thanks,
Thilo
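
Added example, not part of the original thread and not Review Board's own code: a standard-library Python check that performs the StartTLS exchange on port 389 discussed in this thread and then completes the TLS handshake trusting only a given CA file, so a certificate trust failure shows up as an explicit error rather than a timeout. The function names are hypothetical, and the host name and CA file path are placeholders supplied on the command line.

```python
import socket
import ssl
import sys

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def tlv(tag, value):
    """Encode one BER TLV, short-form length only (value under 128 bytes)."""
    return bytes([tag, len(value)]) + value

# LDAPMessage { messageID 1, ExtendedRequest [APPLICATION 23] { requestName [0] } }
STARTTLS_REQUEST = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos=0):
    """Decode one BER TLV at pos; accepts long-form lengths, which some servers use."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def starttls_result_code(response):
    """Return the LDAP resultCode from an ExtendedResponse (0 means success)."""
    tag, msg, _ = read_tlv(response)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg)              # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                        # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = read_tlv(op)
    if tag != 0x0A:                        # ENUMERATED resultCode comes first
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def check_starttls(host, ca_file, port=389, timeout=5.0):
    """StartTLS on the plain LDAP port, then a handshake that trusts only ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(STARTTLS_REQUEST)
        code = starttls_result_code(sock.recv(4096))  # reply is small, one read
        if code != 0:
            raise RuntimeError(f"server refused StartTLS, resultCode={code}")
        # Raises ssl.SSLCertVerificationError if the DC's chain or name is not trusted.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert().get("subject")

if __name__ == "__main__":
    print(check_starttls(sys.argv[1], sys.argv[2]))  # placeholder args: DC host, CA PEM
```

Run it with the DC's host name exactly as it appears in the certificate, since the handshake also checks the name.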