Thanks, forgot to mention that.
We have the certificates in a Trusted Certificate store on the W2008
server that resolved the cert errors we were initially getting.
I'm not sure what 'binding with a service account with Domain Admin
privileges' means in this case.
Our LDAP is not AD, but Novell eDirectory (if that matters).
Also, the bind to LDAP is successful; I would think an error at that level
would throw an error rather than getting dropped on the response.
--
Programmer Analyst, Virtual Library Services
MSK Research Library
Memorial Sloan-Kettering Cancer Center

On 3/27/14 4:48 PM, "Riley Childs" <[log in to unmask]> wrote:
>Make sure the Active Directory SSL certificate is in the keystore of
>whatever Illiad runs on and you are binding with a service account with
>Domain Admin privs.
>
>Riley Childs
>Student
>Asst. Head of IT Services
>Charlotte United Christian Academy
>(704) 497-2086
>RileyChilds.net
>Sent from my Windows Phone, please excuse mistakes
>________________________________
>From: [log in to unmask]<mailto:[log in to unmask]>
>Sent: 3/27/2014 2:11 PM
>To: [log in to unmask]<mailto:[log in to unmask]>
>Subject: [CODE4LIB] ILLiad and LDAP SSL connection issue
>
>We have a strange problem with ILLiad, LDAP and a Windows 2008 server
>using SSL on port 636.
>
>When I view the ILLiad logs it's clear the authentication only partially
>completes as the request is sent, LDAP binds/authenticates, but the
>authentication isn't received by ILLiad.
>The ILLiad log reports a timeout. The odd thing is that the user can
>sometimes click the submit button again, or even just refresh the login
>page, and the authentication succeeds with the user getting to their
>ILLiad home page.
>
>When I say that LDAP authenticates I mean we see the results on the logs,
>and of course, that strangeness where hitting the refresh or submit
>button takes a user to their home page. Had they not hit refresh or
>re-submit, we'd see the timeout.
>
>We have no problems using non-SSL on 389, by the way.
>Our LDAP server is Novell eDirectory server (now NetIQ) v8.8 sp5 on SLES
>
>Any ideas would be really helpful.
>Thanks
>Eric