Active Directory ldaps authentication
Mr. Christopher Bland
chris at fdu.edu
Mon Aug 3 12:11:55 EDT 2015
Hi All,
I am sure someone has figured this out, but I seem to be missing something. We are in the process of converting to an AD server for authentication. I can do regular unencrypted auth no problem, so I know my config is OK. I can also do ldapsearch using ldaps by ignoring the cert using "TLS_REQCERT never". I keep getting "PKIX path building failed". I know from previous posts it is a problem with tracing my cert back to a CA. I have tried sslSocketFactory="{trustCertificates=file:path_to_AD_CA_cert}" in my login.config file. I also tried adding the cert to my IdP keystore. Neither has worked for me. When I use openssl to get the AD LDAP server cert, I noticed that it is the CA cert. The subject is blank and the issuer is my AD CA server.
Do I need a different cert? Am I missing something in my config?
Thank you in advance,
-Chris