
Active Directory integration doesn't work with SSL and port 636


Original Question or Issue:

Active Directory integration doesn't work with SSL and port 636 or getting error "Strong(er) authentication required"

Environment:

  • Product - Any
  • Version - Any
  • Platform - Any
  • Application - Any
Steps to Reproduce:

 

Try to enable Use SSL and Port 636 for Active Directory integration

 

Error or Log Message: Unable to contact LDAP server or Strong(er) authentication required

Defect or Enhancement Number:

 
Cause: An AD connection using SSL and port 636 requires OpenLDAP configuration.

Resolution or Workaround:

1. Create an ldap.conf file

    Windows: c:\openldap\sysconf\ldap.conf
    Ubuntu: /etc/ldap/ldap.conf 
    RHEL: /etc/openldap/ldap.conf

 

2.  Add the following lines to the ldap.conf file based on how the AD server 

     If your AD server doesn't have an SSL certificate installed and SSL verification is not needed, the contents of the file should be:

      TLS_REQCERT never

     If your AD server has an SSL certificate installed and SSL verification is needed, the contents of the file should be:

      TLS_REQCERT allow
      TLS_CACERT c:\openldap\sysconf\certs\CACERT_NAME
      TLS_CACERTDIR c:\openldap\sysconf\certs

      or

      TLS_REQCERT allow
      TLS_CACERTDIR c:\openldap\sysconf\certs
      
      Here, CACERT_NAME is the name of your CA certificate imported from AD, and the certificates should be placed under c:\openldap\sysconf\certs.

      If your AD server has an SSL certificate installed and SSL verification is needed along with a strict cipher check, the contents of the file should be:

      TLS_REQCERT allow
      TLS_CACERT c:\openldap\sysconf\certs\CACERT_NAME
      TLS_CACERTDIR c:\openldap\sysconf\certs
      SSLCipherSuite AES256-GCM-SHA384:AES256-AES256:AES256-SHA

      Here, the cipher value can be changed to suit your setup.

3. Restart Apache and check the Active Directory connection
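
To check what an ldap.conf from step 2 actually enforces, the following added example (not part of the original article) reads the file's text and reports the TLS_REQCERT level as ldap.conf(5) defines it: with allow an invalid server certificate is ignored, while try, demand and hard reject it. It also flags cipher directives that ldap.conf(5) does not list, such as SSLCipherSuite; the names audit_ldap_conf and SAMPLE are made up for this example.

```python
# Added example: TLS-focused lint for an OpenLDAP client ldap.conf.
# Level descriptions follow ldap.conf(5); option names are case-insensitive.
REQCERT = {
    # level: (rejects an invalid server certificate?, behaviour)
    "never": (False, "server certificate is not requested or checked"),
    "allow": (False, "a missing or bad certificate is ignored, session proceeds"),
    "try": (True, "a bad certificate ends the session, a missing one is accepted"),
    "demand": (True, "a missing or bad certificate ends the session"),
    "hard": (True, "same as demand"),
}

# Constructed sample: the article's third variant (CACERT_NAME is its placeholder).
SAMPLE = r"""
TLS_REQCERT allow
TLS_CACERT c:\openldap\sysconf\certs\CACERT_NAME
TLS_CACERTDIR c:\openldap\sysconf\certs
SSLCipherSuite AES256-GCM-SHA384:AES256-AES256:AES256-SHA
"""

def audit_ldap_conf(text):
    """Return (summary, findings) for the TLS settings in ldap.conf text."""
    tls, findings = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        name = parts[0].upper()
        if name.startswith("TLS_"):
            tls[name] = parts[1].strip() if len(parts) > 1 else ""
        elif "CIPHER" in name:
            findings.append(f"{parts[0]} is not listed in ldap.conf(5); "
                            "the cipher option there is TLS_CIPHER_SUITE")
    level = tls.get("TLS_REQCERT", "demand").lower()  # demand is the default
    rejects, meaning = REQCERT.get(level, (False, "unrecognised level"))
    findings.append(f"TLS_REQCERT {level}: {meaning}")
    summary = {
        "reqcert": level,
        "rejects_invalid_cert": rejects,
        "ca_configured": "TLS_CACERT" in tls or "TLS_CACERTDIR" in tls,
        "cipher_suite": tls.get("TLS_CIPHER_SUITE"),
    }
    return summary, findings

if __name__ == "__main__":
    summary, findings = audit_ldap_conf(SAMPLE)
    print(summary)
    for finding in findings:
        print("-", finding)
```

Pass the contents of your own ldap.conf to audit_ldap_conf to get the same report for the file Apache will load.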

Notes:   

© FileCloud