I think it is a connectivity problem, are there servers located in the same data center, or on the same server?

Riley Childs
Student
Asst. Head of IT Services
Charlotte United Christian Academy
(704) 497-2086
RileyChilds.net
Sent from my Windows Phone, please excuse mistakes
________________________________
From: [log in to unmask]
Sent: 3/27/2014 5:24 PM
To: [log in to unmask]
Subject: Re: [CODE4LIB] ILLiad and LDAP SSL connection issue

Thanks,
Forgot to mention that. We have the certificates in a Trusted Certificate store on the W2008 server that resolved the cert errors we were initially getting.

I'm not sure what 'binding with a service account with Domain Admin privileges' means in this case. Our LDAP is not AD, but Novell eDirectory (if that matters). Also, the bind to LDAP is successful; I would think an error at that level would throw an error rather than getting dropped on the response.

--
Programmer Analyst, Virtual Library Services
MSK Research Library
Memorial Sloan-Kettering Cancer Center

On 3/27/14 4:48 PM, "Riley Childs" <[log in to unmask]> wrote:

>Make sure the Active Directory SSL certificate is in the keystore of whatever Illiad runs on and you are binding with a service account with Domain Admin privs.
>
>Riley Childs
>Student
>Asst. Head of IT Services
>Charlotte United Christian Academy
>(704) 497-2086
>RileyChilds.net
>Sent from my Windows Phone, please excuse mistakes
>________________________________
>From: [log in to unmask]
>Sent: 3/27/2014 2:11 PM
>To: [log in to unmask]
>Subject: [CODE4LIB] ILLiad and LDAP SSL connection issue
>
>We have a strange problem with ILLiad, LDAP and a Windows 2008 server using SSL on port 636.
>
>When I view the illiad logs it's clear the authentication only partially completes as the request is sent, ldap binds/authenticates, but the authentication isn't received by illiad.
>The illiad log reports a time out. The odd thing is that the user can sometimes click the submit button again, or even just refresh the login page, and the authentication succeeds with the user getting to their ILLiad home page.
>
>When I say that LDAP authenticates I mean we see the results on the logs, and of course, that strangeness where hitting the refresh or submit button takes a user to their home page. Had they not hit refresh or re-submit, we'd see the timeout.
>
>We have no problems using non-ssl on 389 by the way.
>Our Ldap server is Novell eDirectory server (now NetIQ) v8.8 sp5 on SLES
>
>Any ideas would be really helpful.
>Thanks
>Eric