Re: ldaps and Active Directory

2005-12-12 Thread Howard Chu
Marco D'Ettorre wrote:
> Add TLS_REQCERT try (or "allow" or "never") in your ldap.conf. The default is "demand" (or "hard"), then you are trying to verify server certificate. See ldap.conf(5)
NO. That simply allows the certificate errors to be ignored. They've gone to the trouble of exporting t

Re: ldaps and Active Directory

2005-12-12 Thread Marco D'Ettorre
Add TLS_REQCERT try (or "allow" or "never") in your ldap.conf. The default is "demand" (or "hard"), then you are trying to verify server certificate. See ldap.conf (5) Grant Sturgis wrote: Greetings List, I am attempting to get ldap authentication to Active Directory working from our RHEL 4

Re: ldaps and Active Directory

2005-12-09 Thread Michael Ströder
Quanah Gibson-Mount wrote:
>> Did you change your LDAP port from 389 (clear text connection) to 636 (SSL connection)?
>
> Port 389 is not necessarily clear text, as LDAP V3 supports TLS over 389. Just to be clear.
But if someone uses LDAP URL schema ldaps:// without specifying a por

Re: ldaps and Active Directory

2005-12-09 Thread Quanah Gibson-Mount
--On Thursday, December 08, 2005 4:24 PM -0600 Shuh Chang <[EMAIL PROTECTED]> wrote:
> Hi Grant, Did you change your LDAP port from 389 (clear text connection) to 636 (SSL connection)?
Port 389 is not necessarily clear text, as LDAP V3 supports TLS over 389. Just to be clear. --Quanah -

Re: ldaps and Active Directory

2005-12-09 Thread Shuh Chang
Sent: Friday, December 09, 2005 2:07 AM
Subject: Re: ldaps and Active Directory
Grant Sturgis wrote:
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I have installed Certificate

RE: ldaps and Active Directory

2005-12-09 Thread Gareth Ansell
ecember 2005 23:59 > To: [EMAIL PROTECTED]; OpenLDAP-software@OpenLDAP.org > Subject: Re: ldaps and Active Directory > > > > > >From: Shuh Chang <[EMAIL PROTECTED]> > >To: Grant Sturgis > <[EMAIL PROTECTED]>,OpenLDAP-software@OpenLDAP.org > >Su

Re: ldaps and Active Directory

2005-12-09 Thread Grant Sturgis
From: Shuh Chang <[EMAIL PROTECTED]> To: Grant Sturgis <[EMAIL PROTECTED]>,OpenLDAP-software@OpenLDAP.org Subject: Re: ldaps and Active Directory Date: Thu, 08 Dec 2005 16:24:01 -0600 Hi Grant, Did you change your LDAP port from 389 (clear text connection) to 636 (SS

Re: ldaps and Active Directory

2005-12-09 Thread Shuh Chang
Hi Grant, Did you change your LDAP port from 389 (clear text connection) to 636 (SSL connection)? Shuh - Original Message - From: "Grant Sturgis" <[EMAIL PROTECTED]> To: Sent: Thursday, December 08, 2005 2:26 PM Subject: ldaps and Active Directory Greetings List,

Re: ldaps and Active Directory

2005-12-09 Thread Michael Ströder
Grant Sturgis wrote:
> ldap_bind: Can't contact LDAP server (-1)
> additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> I have installed Certificate Services on the W2K domain controller and exported the CA Cert and copied the file

ldaps and Active Directory

2005-12-08 Thread Grant Sturgis
Greetings List, I am attempting to get ldap authentication to Active Directory working from our RHEL 4 systems. I have read the several articles and howto documents out there and am very close to getting everything working. pam_ldap and nss_ldap are working well with unencrypted ldap, as is