
Make sure the Active Directory SSL certificate is in the keystore of whatever ILLiad runs on, and that you are binding with a service account with Domain Admin privs.

Riley Childs
Student
Asst. Head of IT Services
Charlotte United Christian Academy
(704) 497-2086
RileyChilds.net
Sent from my Windows Phone, please excuse mistakes
________________________________
From: [log in to unmask]
Sent: 3/27/2014 2:11 PM
To: [log in to unmask]
Subject: [CODE4LIB] ILLiad and LDAP SSL connection issue

We have a strange problem with ILLiad, LDAP and a Windows 2008 server using SSL on port 636.

When I view the ILLiad logs it's clear the authentication only partially completes, as the request is sent, LDAP binds/authenticates, but the authentication isn't received by ILLiad.
The ILLiad log reports a timeout. The odd thing is that the user can sometimes click the submit button again, or even just refresh the login page, and the authentication succeeds with the user getting to their ILLiad home page.

When I say that LDAP authenticates I mean we see the results on the logs, and of course, that strangeness where hitting the refresh or submit button takes a user to their home page. Had they not hit refresh or re-submit, we'd see the timeout.

We have no problems using non-SSL on 389, by the way.
Our LDAP server is Novell eDirectory server (now NetIQ) v8.8 sp5 on SLES.

Any ideas would be really helpful.
Thanks
Eric


