Possibility to use SSL/TLS (self-signed cert) for LDAP connection

chris

20 Nov, 2018 09:12 PM

Hi,

we are currently testing the HgLab platform and have a question regarding the LDAP connection:
Is it possible to connect via SSL or StartTLS with a self-signed certificate?
LDAP connection without encryption is working fine, but when we try to configure port 636 (LDAP over SSL), the connection to Active Directory is broken.
We got other applications working with LDAP over SSL with the same Domain Controller.
So we think that the problem is related to the self-signed certificate of the Enterprise CA which the LDAP library does not trust.

The following is logged in global.log (it's in German, sadly. I think that's related to the .NET version?):

21:57:17.7689 - Error - - HgLab.Core.Framework.Security.LdapAuthenticationModule - could not create PrincipalContextSystem.DirectoryServices.AccountManagement.PrincipalServerDownException: Mit dem Server konnte keine Verbindung hergestellt werden. ---> System.DirectoryServices.Protocols.LdapException: Der LDAP-Server ist nicht verfügbar.
  bei System.DirectoryServices.Protocols.LdapConnection.Connect()
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   bei System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
   bei System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
   bei HgLab.Core.Framework.Security.LdapAuthenticationModule.CreateDomainContext() in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:Zeile 294. bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   bei System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
   bei System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
   bei HgLab.Core.Framework.Security.LdapAuthenticationModule.CreateDomainContext() in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:Zeile 294.
System.DirectoryServices.Protocols.LdapException: Der LDAP-Server ist nicht verfügbar.
   bei System.DirectoryServices.Protocols.LdapConnection.Connect()
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties) bei System.DirectoryServices.Protocols.LdapConnection.Connect()
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
21:57:17.7689 - Error - - HgLab.Core.Framework.Security.LdapAuthenticationModule - could not create PrincipalContext

Thanks in advance
Chris

  1. Support Staff 1 Posted by Anton Gogolev on 26 Nov, 2018 01:47 PM

    Chris,

    Apologies for the late reply. This indeed looks like a certificate chain
    trust issue. Would it be possible to attach the certificate for me to look
    into it?
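
Added example, not part of the thread and not HgLab code: a PowerShell check for the chain trust issue discussed above. Run on the HgLab server, it fetches the certificate the domain controller presents on port 636 and builds its chain against the machine certificate store. The function name `Test-LdapsCertificate` and the host name `dc01.example.test` are placeholders.

```powershell
# Added diagnostic example. Inspects the LDAPS certificate; it is not a fix and
# does not change how any application validates certificates.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)] [string]$Server,   # DC name exactly as configured in the application
        [int]$Port = 636
    )
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        # Accept whatever is presented so it can be inspected (diagnostic only;
        # no credentials or data are sent over this connection).
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # $true = machine context: trust is evaluated against the LocalMachine
        # stores rather than the stores of the interactive user.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
        # Revocation is skipped here to isolate the trust question.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)

        # Subject Alternative Name extension (OID 2.5.29.17); the name used to
        # connect should appear here or in the subject.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        [pscustomobject]@{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            NotAfter       = $cert.NotAfter
            SubjectAltName = if ($san) { $san.Format($false) } else { '(none)' }
            ChainTrusted   = $trusted
            ChainStatus    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            ChainSubjects  = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Usage (placeholder host name):
# Test-LdapsCertificate -Server 'dc01.example.test' | Format-List
```

A `ChainStatus` of `UntrustedRoot` or `PartialChain` means the Enterprise CA root or an intermediate is missing from the machine store on that host. A trusted chain with a `SubjectAltName` that lacks the configured server name points to a name mismatch instead.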
