Possibility to use SSL/TLS (self-signed cert) for LDAP connection

chris

20 Nov, 2018 09:12 PM

Hi,

we are currently testing the HgLab platform and have a question regarding the LDAP connection:
Is it possible to connect via SSL or StartTLS with a self-signed certificate?
LDAP connection without encryption is working fine, but when we try to configure port 636 (LDAP over SSL) the connection to Active Directory is broken.
We got other applications working with LDAP over SSL with the same Domain Controller.
So we think that the problem is related to the self-signed certificate of the Enterprise CA which the LDAP library does not trust.

Following is logged in global.log (it's in German sadly; I think that's related to the .NET version?):

21:57:17.7689 - Error - - HgLab.Core.Framework.Security.LdapAuthenticationModule - could not create PrincipalContextSystem.DirectoryServices.AccountManagement.PrincipalServerDownException: Mit dem Server konnte keine Verbindung hergestellt werden. ---> System.DirectoryServices.Protocols.LdapException: Der LDAP-Server ist nicht verfügbar.
  bei System.DirectoryServices.Protocols.LdapConnection.Connect()
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   bei System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
   bei System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
   bei HgLab.Core.Framework.Security.LdapAuthenticationModule.CreateDomainContext() in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:Zeile 294. bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   bei System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
   bei System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
   bei HgLab.Core.Framework.Security.LdapAuthenticationModule.CreateDomainContext() in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:Zeile 294.
System.DirectoryServices.Protocols.LdapException: Der LDAP-Server ist nicht verfügbar.
   bei System.DirectoryServices.Protocols.LdapConnection.Connect()
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties) bei System.DirectoryServices.Protocols.LdapConnection.Connect()
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
21:57:17.7689 - Error - - HgLab.Core.Framework.Security.LdapAuthenticationModule - could not create PrincipalContext

Thanks in advance
Chris

  1. Support Staff - Posted by Anton Gogolev on 26 Nov, 2018 01:47 PM

    Chris,

    Apologies for the late reply. This indeed looks like a certificate chain
    trust issue. Would it be possible to attach the certificate for me to look
    into it?
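A diagnostic for the chain-trust diagnosis above, added here as an example that is not part of the thread or of HgLab: it pulls the certificate the domain controller presents on port 636 and builds its chain against the local Windows trust store, the same store the .NET LDAP client relies on. The host name dc01.corp.example is an assumption; replace it with your DC.

```powershell
# Added example (not from the thread or HgLab). Retrieves the LDAPS server
# certificate and reports whether this machine trusts its chain, so an admin
# can confirm an "untrusted root" problem before touching the application.
function Test-LdapsCertificateChain {
    param(
        [Parameter(Mandatory)][string]$Server,   # assumed: dc01.corp.example
        [int]$Port = 636
    )
    $script:sslErrors = $null
    # The callback accepts any certificate ONLY so the handshake completes and
    # the certificate can be inspected; real validation is done with X509Chain
    # below. Do not reuse this pattern in production code.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $cert, $chain, $errors)
        $script:sslErrors = $errors      # name mismatch / chain errors seen by Schannel
        return $true
    }
    $client = [System.Net.Sockets.TcpClient]::new($Server, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)
        $leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $ssl.Dispose()
    } finally { $client.Dispose() }

    # Build the chain against the CurrentUser/LocalMachine root stores.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # isolate trust from CRL reachability
    $trusted = $chain.Build($leaf)
    $root = $chain.ChainElements | Select-Object -Last 1

    [pscustomobject]@{
        Subject         = $leaf.Subject
        Issuer          = $leaf.Issuer
        Thumbprint      = $leaf.Thumbprint
        NotAfter        = $leaf.NotAfter
        HandshakeErrors = $script:sslErrors
        ChainTrusted    = $trusted
        ChainStatus     = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
        ChainRoot       = $root.Certificate.Subject
    }
}

# Usage (assumed host name):
# Test-LdapsCertificateChain -Server dc01.corp.example
```

If ChainTrusted is False with an "untrusted root" status, import the Enterprise CA root certificate into Cert:\LocalMachine\Root on the HgLab host (so the chain builds for every .NET process there) instead of disabling certificate validation in the application; a HandshakeErrors value of RemoteCertificateNameMismatch means the DC certificate does not cover the name HgLab uses to connect.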
