[ZendTo] AD SSL issues

Brian Novogradac Brian.Novogradac at utoronto.ca
Mon Mar 28 21:59:19 BST 2016


I know SSL works because I’ve tested connectivity on the server; I can connect and do a query with no problems through SSL. But when I “activate” SSL on the app it still falls back to 389. This is just for the app.

Is there maybe somewhere else within the app that is making that call to LDAPS/LDAP?




From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Jordack
Sent: March-28-16 3:47 PM
To: ZendTo Users <zendto at zend.to>
Subject: Re: [ZendTo] AD SSL issues

I'm not seeing that.  Mine is connecting over 636.

Maybe it's failing back to cleartext if SSL fails.

I know with every system I've set up LDAP on, it requires setting the CACert in the ldap.conf file:

/etc/openldap/ldap.conf

TLS_CACERT      /etc/pki/tls/certs/TrustedRoot2015.pem



On Monday, March 28, 2016 8:11 AM, Brian Novogradac <Brian.Novogradac at utoronto.ca> wrote:

Hello,

I am having a tough time here and hope someone could shed some light. I have no problem using the application via AD unencrypted 389. I go to activate using SSL protocol by changing 'authLDAPUseSSL1' => true.

After a bunch of digging and troubleshooting, the application is still trying to use port 389 instead of 636.

Any help appreciated

Brian Novogradac
System Analyst, Computing Services (I&ITS)

University of Toronto at Mississauga
3359 Mississauga Road N.
Mississauga, Ontario, L5L 1C6

(P) 416-435-2543
(F) 905-569-4343
(E) brian.novogradac at utoronto.ca
(W) www.utm.utoronto.ca/iits
