Possibility to use SSL/TLS (self-signed cert) for LDAP connection
Hi,
we are currently testing the HgLab platform and have a question regarding the LDAP connection:
Is it possible to connect via SSL or StartTLS with a self-signed certificate?
The LDAP connection without encryption is working fine, but when we try to configure port 636 (LDAP over SSL), the connection to Active Directory is broken.
We got other applications working with LDAP over SSL with the same Domain Controller.
So we think that the problem is related to the self-signed certificate of the Enterprise CA, which the LDAP library does not trust.
The following is logged in global.log (it's in German, sadly. I think that's related to the .NET version?):
21:57:17.7689 - Error - - HgLab.Core.Framework.Security.LdapAuthenticationModule - could not create PrincipalContextSystem.DirectoryServices.AccountManagement.PrincipalServerDownException: Mit dem Server konnte keine Verbindung hergestellt werden. ---> System.DirectoryServices.Protocols.LdapException: Der LDAP-Server ist nicht verfügbar.
bei System.DirectoryServices.Protocols.LdapConnection.Connect()
bei System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
bei System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
bei System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
bei HgLab.Core.Framework.Security.LdapAuthenticationModule.CreateDomainContext() in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:Zeile 294. bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
bei System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
bei System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
bei HgLab.Core.Framework.Security.LdapAuthenticationModule.CreateDomainContext() in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:Zeile 294.
System.DirectoryServices.Protocols.LdapException: Der LDAP-Server ist nicht verfügbar.
bei System.DirectoryServices.Protocols.LdapConnection.Connect()
bei System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties) bei System.DirectoryServices.Protocols.LdapConnection.Connect()
bei System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
21:57:17.7689 - Error - - HgLab.Core.Framework.Security.LdapAuthenticationModule - could not create PrincipalContext
Thanks in advance
Chris
Support Staff 1 Posted by Anton Gogolev on 26 Nov, 2018 01:47 PM
Chris,
Apologies for the late reply. This indeed looks like a certificate chain
trust issue. Would it be possible to attach the certificate for me to look
into it?
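
One way to check the chain-trust theory from the reply above, as an added example that is not part of the original thread and not HgLab code: the function connects to the LDAPS port, reads the certificate the domain controller presents, and rebuilds its chain against the local certificate stores. The function name `Test-LdapsChain` and the host name `dc01.example.local` are placeholders assumed for illustration. A `ChainStatus` of `UntrustedRoot` or `PartialChain` means the Enterprise CA root is not trusted on the machine where the check runs.

```powershell
# Added example, not HgLab code. Run it on the HgLab server, because trust is
# evaluated against that machine's certificate stores.
function Test-LdapsChain {
    param(
        [Parameter(Mandatory)] [string] $Server,   # DC name exactly as entered in the LDAP settings
        [int] $Port = 636
    )
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        # Diagnostic only: the callback accepts any certificate so the handshake
        # completes and the certificate can be read. No LDAP data is sent.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Rebuild the chain against the local stores. Revocation checking is
        # skipped so the result isolates the trust question.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)

        # Subject Alternative Name (OID 2.5.29.17): the name used to connect
        # has to appear here or in the subject.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
            ForEach-Object { $_.Format($false) }

        [pscustomobject]@{
            Server      = $Server
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            SAN         = $san
            NotAfter    = $cert.NotAfter
            Trusted     = $trusted
            ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status })
            ChainRoot   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# 'dc01.example.local' is a placeholder host name.
Test-LdapsChain -Server 'dc01.example.local' | Format-List
```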