 |
 |
Does illiad run on top of something (IIS, Tomcat etc) On 3/28/14, 9:24 AM, "[log in to unmask]" <[log in to unmask]> wrote: >Yes, I think so. But narrowing that down has been the challenge and it's >extremely difficult to put the blame squarely in one corner. >So, my question has been what exactly is the connectivity issue. Is it >W2008, Illiad or LDAP? > >Since it works on port 389 I'd like to rule out ILLiad but I'm struck by >how a refresh on the browser allows the authentication. >The windows server and LDAP are managed by different groups, and are >different stacks, windows 2008 server vs Novell on linux. >Since LDAP is binding I assume the problem is with the Windows >configuration or certificate, or store. > >To answer your last questions. >The servers are in the same data center, and an ldapadmin test from the >windows server is successful. >This is a new Windows server with the latest version of ILLiad. We bumped >up servers from W2003 to W2008 >There's not much revealing in the logs, folks from Atlas System and OCLC >have looked at them. > >Thanks > > > >On 3/28/14 1:08 AM, "Riley Childs" <[log in to unmask]> wrote: > >>I think it is a connectivity problem, are there servers located in the >>same data center, or on the same server? >> >>Riley Childs >>Student >>Asst. Head of IT Services >>Charlotte United Christian Academy >>(704) 497-2086 >>RileyChilds.net >>Sent from my Windows Phone, please excuse mistakes >>________________________________ >>From: [log in to unmask]<mailto:[log in to unmask]> >>Sent: ?3/?27/?2014 5:24 PM >>To: [log in to unmask]<mailto:[log in to unmask]> >>Subject: Re: [CODE4LIB] ILLiad and LDAP SSL connection issue >> >>Thanks, Forgot to mention that. >>We have the certificates in a Trusted Certificate store on the W2008 >>server that resolved the cert errors we were initially getting. >> >>I'm not sure what 'binding with a service account with Domain Admin >>privileges' means in this case. >>Our LDAP is not AD, but Novell eDirectory (if that matters). >>Also, the bind to LDAP is successful; I would think an error at that >>level >>would throw an error rather than getting dropped on the response. >> >> >>-- >>Programmer Analyst, Virtual Library Services >> >>MSK Research Library >>Memorial Sloan-Kettering Cancer Center >> >> >> >> >>On 3/27/14 4:48 PM, "Riley Childs" <[log in to unmask]> wrote: >> >>>Make sure the Active Directory SSL certificate is in the keystore of >>>whatever Illiad runs on and you are binding with a service account with >>>Domain Admin privs. >>> >>>Riley Childs >>>Student >>>Asst. Head of IT Services >>>Charlotte United Christian Academy >>>(704) 497-2086 >>>RileyChilds.net >>>Sent from my Windows Phone, please excuse mistakes >>>________________________________ >>>From: [log in to unmask]<mailto:[log in to unmask]> >>>Sent: ?3/?27/?2014 2:11 PM >>>To: [log in to unmask]<mailto:[log in to unmask]> >>>Subject: [CODE4LIB] ILLiad and LDAP SSL connection issue >>> >>>We have a strange problem with ILLiad, LDAP and a Windows 2008 server >>>using SSL on port 636. >>> >>>When I view the illiad logs it's clear the authentication only partially >>>completes as the request is sent, ldap binds/authenticates, but the >>>authentication isn't received by illiad. >>>The illiad log reports a time out. The odd thing is that the user can >>>sometimes click the submit button again, or even just refresh the login >>>page, and the authentication succeeds with the user getting to their >>>ILLiad home page. >>> >>>When I say that LDAP authenticates I mean we see the results on the >>>logs, >>>and of course, that strangeness where hitting the refresh or submit >>>button takes a user to their home page. Had they not hit refresh or >>>re-submit, we'd see the timeout. >>> >>>We have no problems using non-ssl on 389 by the way. >>>Our Ldap server is Novell eDirectory server (now NetIQ) v8.8 sp5 on SLES >>> >>>Any ideas would be really helpful. >>>Thanks >>>Eric >>> >>> >>> >>> >>>===================================================================== >>> >>> >>> >>> Please note that this e-mail and any files transmitted from >>> >>> Memorial Sloan-Kettering Cancer Center may be privileged, >>>confidential, >>> >>> and protected from disclosure under applicable law. If the reader >>>of >>> >>> this message is not the intended recipient, or an employee or agent >>> >>> responsible for delivering this message to the intended recipient, >>> >>> you are hereby notified that any reading, dissemination, >>>distribution, >>> >>> copying, or other use of this communication or any of its >>>attachments >>> >>> is strictly prohibited. If you have received this communication in >>> >>> error, please notify the sender immediately by replying to this >>>message >>> >>> and deleting this message, any attachments, and all copies and >>>backups >>> >>> from your computer. >>> >>