Subject: Re: LDAP Signing Required
Author: authen
In response to: LDAP Signing Required
Posted on: 12/07/2010 07:45:46 PM
>>The tool was working fine until we have enabled LDAP Server Signing Required group policy setting.
So, that means you have installed a server's certificate on client side and everything is working as expected.
>> Now the LDAP queries have started failing even after enabling the LDAP Client Side Signing required policy setting.
This is the case of mutual authentication which requires client's certificate to be known to server as well.
As the name "Client Side Signing" implies, install client's CA's certificate (not client's since you may have millions of clients) on server side and run it again.
>
> On 12/06/2010 01:03:07 PM tvv1974 wrote:
We have a monitoring application from eG Innovation which integrates with AD. The application uses Tomcat and queries AD to add users to different built-in application roles for monitoring management (delegation).
The tool was working fine until we enabled the LDAP Server Signing Required group policy setting. Now the LDAP queries have started failing even after enabling the LDAP Client Side Signing required policy setting.
I see in the Catalina.log file the below error:
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db0 ]
How do I configure the application to support LDAP signing? I am not an application guy, hence Java and others are GREEK and LATIN. Please assist.
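The error text in the post names two conditions under which the server accepts a bind: integrity checking turned on for the bind, or SSL/TLS already active on the connection. The following is an added example, not part of the thread and not the monitoring product's own code, showing the JNDI environment a Java client would use for each case. The class name, host name, account and the LDAP_BIND_PW variable are placeholders chosen for illustration, and DIGEST-MD5 is assumed to be a SASL mechanism the server offers.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class SignedLdapBind {
    enum Mode { LDAPS, SASL_INTEGRITY }

    // Build the JNDI environment for one of the two binds the error text allows.
    static Hashtable<String, Object> env(Mode mode, String host, String principal, String password) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        if (mode == Mode.LDAPS) {
            // TLS is active before the bind is sent. The JVM trust store must
            // contain the CA that issued the domain controller's certificate.
            env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
        } else {
            // SASL bind on the plain port; qop=auth-int asks the SASL layer to
            // sign every message after the bind (integrity, no encryption).
            env.put(Context.PROVIDER_URL, "ldap://" + host + ":389");
            env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
            env.put("javax.security.sasl.qop", "auth-int");
        }
        return env;
    }

    public static void main(String[] args) throws NamingException {
        String pw = System.getenv("LDAP_BIND_PW"); // placeholder variable name
        if (args.length < 3 || pw == null) {
            // Offline run: show both environments with constructed values.
            System.out.println(env(Mode.LDAPS, "dc01.example.test", "svc-monitor@example.test", "***"));
            System.out.println(env(Mode.SASL_INTEGRITY, "dc01.example.test", "svc-monitor", "***"));
            return;
        }
        try {
            DirContext ctx = new InitialDirContext(env(Mode.valueOf(args[0]), args[1], args[2], pw));
            System.out.println("bind ok: " + ctx.getAttributes("", new String[] {"defaultNamingContext"}));
            ctx.close();
        } catch (AuthenticationNotSupportedException e) {
            // The exception type shown in the Catalina.log excerpt above.
            System.err.println("server refused the bind: " + e.getMessage());
        }
    }
}
```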