Is this a new issue? How long has this been occurring? Can you paste an excerpt of the log? Sorry for all my questions!
Riley Childs
Student
Asst. Head of IT Services
Charlotte United Christian Academy
(704) 497-2086
RileyChilds.net
Sent from my Windows Phone, please excuse mistakes
________________________________
From: [log in to unmask]<mailto:[log in to unmask]>
Sent: ý3/ý27/ý2014 5:24 PM
To: [log in to unmask]<mailto:[log in to unmask]>
Subject: Re: [CODE4LIB] ILLiad and LDAP SSL connection issue
Thanks, Forgot to mention that.
We have the certificates in a Trusted Certificate store on the W2008
server that resolved the cert errors we were initially getting.
I'm not sure what 'binding with a service account with Domain Admin
privileges' means in this case.
Our LDAP is not AD, but Novell eDirectory (if that matters).
Also, the bind to LDAP is successful; I would think an error at that level
would throw an error rather than getting dropped on the response.
--
Programmer Analyst, Virtual Library Services
MSK Research Library
Memorial Sloan-Kettering Cancer Center
On 3/27/14 4:48 PM, "Riley Childs" <[log in to unmask]> wrote:
>Make sure the Active Directory SSL certificate is in the keystore of
>whatever Illiad runs on and you are binding with a service account with
>Domain Admin privs.
>
>Riley Childs
>Student
>Asst. Head of IT Services
>Charlotte United Christian Academy
>(704) 497-2086
>RileyChilds.net
>Sent from my Windows Phone, please excuse mistakes
>________________________________
>From: [log in to unmask]<mailto:[log in to unmask]>
>Sent: ?3/?27/?2014 2:11 PM
>To: [log in to unmask]<mailto:[log in to unmask]>
>Subject: [CODE4LIB] ILLiad and LDAP SSL connection issue
>
>We have a strange problem with ILLiad, LDAP and a Windows 2008 server
>using SSL on port 636.
>
>When I view the illiad logs it's clear the authentication only partially
>completes as the request is sent, ldap binds/authenticates, but the
>authentication isn't received by illiad.
>The illiad log reports a time out. The odd thing is that the user can
>sometimes click the submit button again, or even just refresh the login
>page, and the authentication succeeds with the user getting to their
>ILLiad home page.
>
>When I say that LDAP authenticates I mean we see the results on the logs,
>and of course, that strangeness where hitting the refresh or submit
>button takes a user to their home page. Had they not hit refresh or
>re-submit, we'd see the timeout.
>
>We have no problems using non-ssl on 389 by the way.
>Our Ldap server is Novell eDirectory server (now NetIQ) v8.8 sp5 on SLES
>
>Any ideas would be really helpful.
>Thanks
>Eric
>
>
>
> =====================================================================
>
>
>
> Please note that this e-mail and any files transmitted from
>
> Memorial Sloan-Kettering Cancer Center may be privileged,
>confidential,
>
> and protected from disclosure under applicable law. If the reader of
>
> this message is not the intended recipient, or an employee or agent
>
> responsible for delivering this message to the intended recipient,
>
> you are hereby notified that any reading, dissemination,
>distribution,
>
> copying, or other use of this communication or any of its attachments
>
> is strictly prohibited. If you have received this communication in
>
> error, please notify the sender immediately by replying to this
>message
>
> and deleting this message, any attachments, and all copies and
>backups
>
> from your computer.
>
|