Active Directory traffic not encrypted
Rochford, Mike
MRochford at STARKSTATE.EDU
Fri Sep 14 10:58:15 EDT 2018
I’ve figured this out. There was a setting in the DataConnector used in the attribute-resolver.xml file that was using useStartTLS=true. Once I set that to false I was able to use SSL and the traffic is now encrypted between the Shibboleth server and the domain controllers.
Thanks,
Mike Rochford
IT Manager
Stark State College
mrochford at starkstate.edu
330-494-6170 x 4244
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Daniel Fisher
Sent: Wednesday, September 12, 2018 4:18 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Active Directory traffic not encrypted
On Wed, Sep 12, 2018 at 4:05 PM Rochford, Mike <MRochford at starkstate.edu> wrote:
2018-09-12 15:59:21,055 - ERROR [org.ldaptive.pool.BlockingConnectionPool:509] - <snip> config=[org.ldaptive.ConnectionConfig@1911725457::ldapUrl=ldaps://dc.starkstate.net:636, connectTimeout=3000, responseTimeout=3000, sslConfig=[org.ldaptive.ssl.SslConfig@1631826609::credentialConfig=org.ldaptive.ssl.CredentialConfigFactory$2@a63643e, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=[org.ldaptive.BindConnectionInitializer@1126780571::bindDn=CN=shibboleth,OU=Specific purpose logon accounts,DC=starkstate,DC=net, bindSaslConfig=null, bindControls=null]]], initialized=false, availableCount=0, activeCount=0] unable to connect to the ldap
Something doesn't line up. The log says you're attempting to startTLS on an LDAPS connection, which gives the error you would expect.
Are you certain you're using the properties file you think you are?
--Daniel Fisher
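A configuration check for the mismatch this thread resolves, as an added example that is not from the original posts or from the Shibboleth project: it scans LDAPDirectory DataConnector elements for an ldaps:// URL combined with useStartTLS=true, and for ldap:// with no StartTLS at all. The sample XML, the property values, the `%{name:default}` placeholder handling, the treatment of an absent useStartTLS as false, and the function names are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a resolver fragment plus properties, not taken from the thread.
SAMPLE_XML = """<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <DataConnector id="conflict" xsi:type="LDAPDirectory"
      ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
      useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"/>
  <DataConnector id="cleartext" xsi:type="LDAPDirectory"
      ldapURL="ldap://dc.example.org:389" useStartTLS="false"/>
  <DataConnector id="ok" xsi:type="LDAPDirectory"
      ldapURL="ldaps://dc.example.org:636" useStartTLS="false"/>
</AttributeResolver>"""
SAMPLE_PROPS = {"idp.attribute.resolver.LDAP.ldapURL": "ldaps://dc.example.org:636"}

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
PLACEHOLDER = re.compile(r"%\{([^}:]+)(?::([^}]*))?\}")

def expand(value, props):
    """Resolve %{name:default} placeholders; unresolved ones become ''."""
    return PLACEHOLDER.sub(lambda m: props.get(m.group(1), m.group(2) or ""), value)

def audit_ldap_connectors(xml_text, props):
    """Return {connector id: finding} for every LDAPDirectory DataConnector."""
    findings = {}
    for el in ET.fromstring(xml_text).iter():
        if not el.tag.endswith("DataConnector"):
            continue
        if el.get(XSI_TYPE, "").split(":")[-1] != "LDAPDirectory":
            continue
        url = expand(el.get("ldapURL", ""), props).strip().lower()
        # Assumption: an absent useStartTLS attribute is treated as false here.
        starttls = expand(el.get("useStartTLS", "false"), props).strip().lower() == "true"
        if url.startswith("ldaps://") and starttls:
            # The combination seen in the log: StartTLS on an already-TLS port fails.
            findings[el.get("id")] = "conflict: StartTLS requested on an ldaps:// URL"
        elif url.startswith("ldap://") and not starttls:
            findings[el.get("id")] = "cleartext: ldap:// without StartTLS"
        else:
            findings[el.get("id")] = "ok"
    return findings

if __name__ == "__main__":
    for cid, finding in audit_ldap_connectors(SAMPLE_XML, SAMPLE_PROPS).items():
        print(f"{cid}: {finding}")
```

The "conflict" connector shows how a placeholder default of true in the resolver file can override the intent of a properties file that only sets an ldaps:// URL.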