
Use of LDAP w/TLS gives 'LDAP error: Unwilling to Perform!' error

Anonymous
2017-10-27
2018-02-01
  • Anonymous

    Anonymous - 2017-10-27

    Hi

    I have LDAP Admin v1.8.2.0 installed on my Windows 10 system. I have created a connection in LDAP Admin with the information/credentials of my LDAP server (an OpenLDAP system running on SLES 12 SP3). In the 'Connection properties' dialog, if I specify 389 for the 'Port' and do not check the 'TLS' checkbox, LDAP Admin logs in to my LDAP server and displays the expected LDAP records/information.

    But if I change just two things (change Port from 389 to 636 and check the 'TLS' checkbox) and use this connection, LDAP Admin displays a pop-up box containing the message "LDAP error: Unwilling to Perform!".

    The SLES 12 SP3 system that is running my LDAP server is also my CA, and I have used the YaST tool to set up the CA, create a server certificate, and provide this when configuring the LDAP server. I exported the CA root certificate, and used the Windows 'certlm' tool to import that certificate to the 'Trusted Root Certification Authorities' store. This root certificate appears whole and healthy.

    Also, I used the 'openssl s_client -connect {hostname}:636' command to see the dialog between an LDAP client and the LDAP server, and verified that the certificate being returned was not self-signed, but was signed by the CA:

    Certificate chain
    0 s:/C=US/CN=ledmf081.lss.emc.com
    i:/C=US/CN=YaST_Default_CA
    1 s:/C=US/CN=YaST_Default_CA
    i:/C=US/CN=YaST_Default_CA

    Also, I ensured that, when defining the LDAP Admin connection, I used the FQDN of the LDAP server in the 'Host' field of the 'Connection' box. This same FQDN value is in the Subject field of the server certificate being presented, which contains:

    Subject: C=US, CN=ledmf081.lss.emc.com

    So, any thoughts about why LDAP Admin is reporting this error?

    Also, how can I enable debugging in LDAP Admin, so I can see more/better error/debug messages?

    Thanks!
    tl

     
  • Tihomir Karlovic

    Hello,

    You cannot use TLS over the SSL port; it doesn't make sense either, as they are both doing essentially the same thing. The proper way to do it: with TLS on the standard LDAP port, with SSL on the SSL port (usually 636). So everything works as it should, don't worry.

    Best regards,
    Tihomir
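The two pairings in the reply above differ in what the very first bytes on the wire are, which is why a client cannot mix them. The following is an added example, not code from LDAP Admin or from either poster: it hand-encodes the LDAP StartTLS ExtendedRequest (RFC 4511 section 4.14, the operation a client sends on port 389 before switching to TLS), parses the matching ExtendedResponse, and produces the TLS ClientHello that an ldaps:// client sends on port 636 before any LDAP message at all. The server name and all response bytes are constructed for illustration; nothing here talks to a real server.

```python
"""Wire-level view of StartTLS on port 389 versus TLS-from-the-start on port 636.

Added example; not code from LDAP Admin or the thread.  Host name and the
server replies below are constructed, and the tiny BER helpers only handle
the small message IDs used here.
"""
import ssl

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"          # RFC 4511 section 4.14
RESULT_NAMES = {0: "success", 53: "unwillingToPerform"}


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def read_tlv(buf: bytes, off: int):
    """Return (tag, value, next_offset) for the element starting at buf[off]."""
    tag, first, off = buf[off], buf[off + 1], off + 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    return tag, buf[off:off + length], off + length


def starttls_request(message_id: int) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { [0] requestName } }.

    This is the first thing a StartTLS client sends, in the clear, on port 389.
    """
    ext = tlv(0x77, tlv(0x80, STARTTLS_OID.encode()))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + ext)


def extended_response(message_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """Server side: ExtendedResponse [APPLICATION 24] carrying an LDAPResult
    (resultCode ENUMERATED, matchedDN OCTET STRING, diagnosticMessage OCTET STRING)."""
    result = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, diagnostic.encode())
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x78, result))


def parse_extended_response(pdu: bytes):
    """Return (message_id, result_code, diagnostic) from an ExtendedResponse PDU."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, off = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(body, off)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    tag, code, off = read_tlv(op, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    _, _matched_dn, off = read_tlv(op, off)
    _, diag, _ = read_tlv(op, off)
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode()


def ldaps_client_hello(server_name: str = "ldap.example.com") -> bytes:
    """First bytes an ldaps:// client sends on port 636: a TLS ClientHello.

    Built offline with a memory BIO; server_name is a placeholder.
    """
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                      # ClientHello has been written; no server reply here
    return outgoing.read()


def classify_first_bytes(data: bytes) -> str:
    """Which listener expects these as the opening bytes of a connection?"""
    if data[:2] == b"\x16\x03":
        return "tls"              # TLS handshake record: what the ldaps:// (636) listener expects
    if data[:1] == b"\x30":
        return "ldap"             # cleartext LDAPMessage: what the ldap:// (389) listener expects
    return "unknown"


if __name__ == "__main__":
    req = starttls_request(1)
    print("StartTLS request (port 389, in the clear):", req.hex())
    print("opening bytes of a StartTLS client   :", classify_first_bytes(req))
    print("opening bytes of an ldaps:// client  :", classify_first_bytes(ldaps_client_hello()))
    # Constructed reply: resultCode 53 is how "Unwilling to Perform" appears on the wire.
    mid, code, diag = parse_extended_response(extended_response(1, 53, "constructed diagnostic"))
    print(f"msgid={mid} resultCode={code} ({RESULT_NAMES[code]}) diagnostic={diag!r}")
```

With the OpenLDAP command-line tools the same two valid pairings are `ldapsearch -H ldap://host:389 -ZZ` (StartTLS, required) and `ldapsearch -H ldaps://host:636` (TLS from the first byte); either one is a quick way to confirm from Windows or the SLES box itself which transport the server accepts before blaming the client.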

     
