We are having a similar issue since an update we did a few weeks ago.
LDAP was working fine for us before the update. After the update we
will get random "Incorrect password" responses after almost exactly 60
seconds. After doing a packet capture on the ILLiad server, I saw a 60
second pause on the ILLiad side between one LDAPS packet and the next
LDAPS packet. I talked to OCLC a few times and they passed me on to
the ILLiad developers, Atlas. I'm waiting to hear back.
In the ILLiad logs it shows a generic "Timeout", but doesn't say where.
FWIW, our ILLiad system is running on Windows Server 2012, and we're
talking to an OpenLDAP system on port 636.
On Fri, Mar 28, 2014 at 11:02 AM, <[log in to unmask]> wrote:
> Thanks Heather I would like to know more. I emailed you off list if that's
> I did update a configuration key in Connection Manager to LDAPVersion = 3
> without any change in outcome.
> On 3/28/14 12:49 PM, "Klish, Heather J" <[log in to unmask]> wrote:
>>We also had issues with LDAP authentication when we migrated ILLiad to
>>Windows 2008 R2 last winter. Although it doesn't appear to be the same
>>one that you are having. Authentication was fine on our W2003 server
>>but as soon as we moved to W2008, our LDAP server was seeing all
>>communication coming from ILLiad as using the SSL 2.0 protocol rather
>>than the more secure SSL 3.0 protocol which then caused our LDAP
>>authentication to fail. The vendor was also stumped in this situation
>>and we eventually had to figure out a solution ourselves.
>>I'd be glad to share more info with you on our solution if you think it
>>- - - - - - - - - - - - - - - - -
>>University Library Technology
>>[log in to unmask]
>>Sent: Friday, March 28, 2014 12:34 PM
>>To: [log in to unmask]
>>Subject: Re: [CODE4LIB] ILLiad and LDAP SSL connection issue
>>Thanks, That's a good line of enquiry Riley.
>>I'm not sure how to take that further unfortunately.
>>ILLiad is OCLC's Document Delivery platform written in .NET that runs in
>>the context of IIS, in this case IIS 7.5 The issue hasn't gone very far
>>with OCLC or the vendor behind ILLiad.
>>They seem to be stumped and I fear it's a 'not of our doing' symptom
>>(which includes my company).
>>I have limited experience with IIS and Windows, and virtually none with
>>If anyone knows of another forum or list, that would be helpful too.
> Please note that this e-mail and any files transmitted from
> Memorial Sloan-Kettering Cancer Center may be privileged, confidential,
> and protected from disclosure under applicable law. If the reader of
> this message is not the intended recipient, or an employee or agent
> responsible for delivering this message to the intended recipient,
> you are hereby notified that any reading, dissemination, distribution,
> copying, or other use of this communication or any of its attachments
> is strictly prohibited. If you have received this communication in
> error, please notify the sender immediately by replying to this message
> and deleting this message, any attachments, and all copies and backups
> from your computer.