Thanks, forgot to mention that.
We have the certificates in a Trusted Certificate store on the W2008
server that resolved the cert errors we were initially getting.

I'm not sure what 'binding with a service account with Domain Admin
privileges' means in this case.
Our LDAP is not AD, but Novell eDirectory (if that matters).
Also, the bind to LDAP is successful; I would think an error at that level
would throw an error rather than getting dropped on the response.

Programmer Analyst, Virtual Library Services

MSK Research Library
Memorial Sloan-Kettering Cancer Center

On 3/27/14 4:48 PM, "Riley Childs" <[log in to unmask]> wrote:

>Make sure the Active Directory SSL certificate is in the keystore of
>whatever ILLiad runs on and you are binding with a service account with
>Domain Admin privs.
>Riley Childs
>Asst. Head of IT Services
>Charlotte United Christian Academy
>(704) 497-2086
>Sent from my Windows Phone, please excuse mistakes
>From: [log in to unmask]
>Sent: 3/27/2014 2:11 PM
>To: [log in to unmask]
>Subject: [CODE4LIB] ILLiad and LDAP SSL connection issue
>We have a strange problem with ILLiad, LDAP and a Windows 2008 server
>using SSL on port 636.
>When I view the ILLiad logs it's clear the authentication only partially
>completes as the request is sent, LDAP binds/authenticates, but the
>authentication isn't received by ILLiad.
>The ILLiad log reports a timeout. The odd thing is that the user can
>sometimes click the submit button again, or even just refresh the login
>page, and the authentication succeeds with the user getting to their
>ILLiad home page.
>When I say that LDAP authenticates I mean we see the results on the logs,
>and of course, that strangeness where hitting the refresh or submit
>button takes a user to their home page. Had they not hit refresh or
>re-submit, we'd see the timeout.
>We have no problems using non-SSL on 389 by the way.
>Our LDAP server is Novell eDirectory server (now NetIQ) v8.8 sp5 on SLES
>Any ideas would be really helpful.