We also had issues with LDAP authentication when we migrated ILLiad to Windows 2008 R2 last winter, although it doesn't appear to be the same one that you are having. Authentication was fine on our W2003 server, but as soon as we moved to W2008, our LDAP server was seeing all communication coming from ILLiad as using the SSL 2.0 protocol rather than the more secure SSL 3.0 protocol, which then caused our LDAP authentication to fail. The vendor was also stumped in this situation and we eventually had to figure out a solution ourselves.

I'd be glad to share more info with you on our solution if you think it would help.


- - - - - - - - - - - - - - - - -
Heather Klish
Systems Librarian
University Library Technology
[log in to unmask]

-----Original Message-----
From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of [log in to unmask]
Sent: Friday, March 28, 2014 12:34 PM
To: [log in to unmask]
Subject: Re: [CODE4LIB] ILLiad and LDAP SSL connection issue

Thanks, that's a good line of enquiry, Riley.
I'm not sure how to take that further, unfortunately.

ILLiad is OCLC's Document Delivery platform written in .NET that runs in the context of IIS, in this case IIS 7.5. The issue hasn't gone very far with OCLC or the vendor behind ILLiad.
They seem to be stumped and I fear it's a 'not of our doing' symptom (which includes my company).
I have limited experience with IIS and Windows, and virtually none with LDAP.

If anyone knows of another forum or list, that would be helpful too.

On 3/28/14 11:18 AM, "Riley Childs" <[log in to unmask]> wrote:

>Does illiad run on top of something (IIS, Tomcat etc)
>>Yes, I think so. But narrowing that down has been the challenge and 
>>it's extremely difficult to put the blame squarely in one corner.
>>So, my question has been what exactly is the connectivity issue. Is it 
>>W2008, Illiad or LDAP?
>>Since it works on port 389 I'd like to rule out ILLiad but I'm struck 
>>by how a refresh on the browser allows the authentication.
>>The windows server and LDAP are managed by different groups, and are 
>>different stacks, windows 2008 server vs Novell on linux.
>>Since LDAP is binding I assume the problem is with the Windows 
>>configuration or certificate, or store.
>>To answer your last questions.
>>The servers are in the same data center, and an ldapadmin test from 
>>the windows server is successful.
>>This is a new Windows server with the latest version of ILLiad. We 
>>bumped up servers from W2003 to W2008. There's not much revealing in 
>>the logs, folks from Atlas System and OCLC have looked at them.
