#1 2020-09-24 11:38:17

ITCPOLAND
Member
Registered: 2015-12-10
Posts: 21

LDAP to LDAPS Migration

Hello All,
We are facing an issue with migrating from LDAP authentication to LDAPS authentication.
When we change our connection port from the default (389) to 636 (the LDAPS port), we are unable to connect to our AD server.

Our GLPI server is running on Windows Server 2016 Core with PHP 5.6 and IIS version 10.0.

Logs:
When a user tries to log in:

2020-09-24 10:09:37 [@test-server]
  *** PHP Warning(2): ldap_bind(): Unable to bind to server: Can't contact LDAP server
  Backtrace :
  :                                                  
  inc\authldap.class.php:2507                        ldap_bind()
  inc\authldap.class.php:2540                        AuthLDAP::connectToServer()
  inc\auth.class.php:215                             AuthLDAP::tryToConnectToServer()
  inc\authldap.class.php:2652                        Auth->connection_ldap()
  inc\authldap.class.php:2716                        AuthLDAP::ldapAuth()
  inc\auth.class.php:717                             AuthLDAP::tryLdapAuth()
  front\login.php:79                                 Auth->Login()

When we use "Test" in the LDAP directory menu:

2020-09-24 10:18:46 [2@test-server]
  *** PHP Warning(2): ldap_bind(): Unable to bind to server: Can't contact LDAP server
  Backtrace :
  :                                                  
  inc\authldap.class.php:2507                        ldap_bind()
  inc\authldap.class.php:1397                        AuthLDAP::connectToServer()
  front\authldap.form.php:74                         AuthLDAP::testLDAPConnection()

We have SSL certificates imported to IIS on the server.

How can we solve this connection issue?

#2 2020-09-30 15:29:07

ITCPOLAND
Member
Registered: 2015-12-10
Posts: 21

Re: LDAP to LDAPS Migration

mikeduke1290 wrote:

LDAP is on every domain controller. So it's not that someone set that up, this is basically Active Directory.

As soon as the DC has a domain controller certificate, it will offer LDAPS over port 636.

Since your devices are not domain joined and therefore cannot rely on the internal (AD integrated) PKI structure, you could consider using an external certificate on your DC, assuming that the other devices do have a kind of certificate store with the standard CAs.


Yes, we know that LDAP is on every DC. The DC already has a certificate; it allows connections over port 636.
We are just unable to use it instead of port 389 to connect to LDAP.
The server is part of the AD domain, and all the traffic is allowed.
It still doesn't work.
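
An added diagnostic, not part of the thread and not GLPI code: the "Can't contact LDAP server" warning in the logs above does not say which stage of the LDAPS connection failed, so this probe reports the first failing stage (TCP reach to port 636, TLS handshake, or certificate trust). The function name, the host name you pass and the CA bundle path are assumptions.

```python
import socket
import ssl


def probe_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Return (stage, detail) for the first failing stage of an LDAPS connection.

    stage is "tcp", "tls", "certificate" or "ok".
    ca_file: PEM bundle with the CA that issued the DC certificate
    (assumption: exported from your PKI); None uses the system defaults.
    """
    # Stage 1: plain TCP reachability (firewall, wrong host, nothing listening).
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", str(exc)

    # Stage 2: TLS handshake with chain and host name verification enabled.
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
            return "ok", f"{tls.version()} subject={subject}"
    except ssl.SSLCertVerificationError as exc:
        # Issuer not trusted, certificate expired, or host name not in the SAN.
        return "certificate", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # Peer not speaking TLS, protocol mismatch, reset or timeout.
        return "tls", str(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    # "dc01.example.internal" is a placeholder; use the name in the DC certificate.
    print(probe_ldaps("dc01.example.internal", ca_file=None))
```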
