Topic: LDAP Signing Required

tvv1974 | posts: 1 | joined: 12/06/2010 | from: India
We have a monitoring application from eG Innovation which integrates with AD. The application uses Tomcat and queries AD to add users to different built-in application roles for monitoring management (delegation).
The tool was working fine until we enabled the LDAP Server Signing Required group policy setting. Now the LDAP queries have started failing, even after enabling the LDAP Client Side Signing required policy setting.
I see the below error in the Catalina.log file:
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db0 ]
How do I configure the application to support LDAP signing? I am not an application guy, hence Java and others are GREEK and LATIN. Please assist.

authen | posts: 36 | joined: 08/07/2006 | from: San Diego, CA
>> The tool was working fine until we have enabled LDAP Server Signing Required group policy setting.
So, that means you have installed a server's certificate on the client side and everything is working as expected.
>> Now the LDAP queries have started failing even after enabling the LDAP Client Side Signing required policy setting.
This is a case of mutual authentication, which requires the client's certificate to be known to the server as well.
As the name "Client Side Signing" implies, install the client's CA's certificate (not the client's, since you may have millions of clients) on the server side and run it again.
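
Added example, not part of either post and not eG Innovation's code: the error quoted in the first post says the server wants either SSL/TLS on the connection or integrity checking on the bind, and this small JNDI program tries a bind each way so you can see which one the directory accepts. The class name, the LDAP_BIND_PW environment variable and the server accepting DIGEST-MD5 are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Hypothetical diagnostic; its name, LDAP_BIND_PW and DIGEST-MD5 support are assumptions.
public class LdapSigningBindCheck {
    // plain: simple bind on ldap:// (what a signing-required server refuses)
    // tls:   simple bind inside SSL/TLS on ldaps://
    // sasl:  SASL bind on ldap:// that asks for integrity protection (signing)
    static Hashtable<String, String> env(String mode, String host, String user, String pw) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        if ("tls".equals(mode)) {
            // The JVM truststore must contain the CA that issued the server certificate.
            env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
        } else if ("sasl".equals(mode)) {
            env.put(Context.PROVIDER_URL, "ldap://" + host + ":389");
            env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
            env.put("javax.security.sasl.qop", "auth-int"); // integrity, no encryption
        } else {
            env.put(Context.PROVIDER_URL, "ldap://" + host + ":389");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
        }
        return env;
    }
    public static void main(String[] args) {
        String pw = System.getenv("LDAP_BIND_PW");
        if (args.length != 3 || pw == null) {
            System.err.println("usage: LDAP_BIND_PW=... java LdapSigningBindCheck <plain|tls|sasl> <host> <user>");
            System.exit(2);
        }
        try {
            DirContext ctx = new InitialDirContext(env(args[0], args[1], args[2], pw));
            System.out.println(args[0] + ": bind accepted");
            ctx.close();
        } catch (AuthenticationNotSupportedException e) {
            // LDAP result code 8: the server demands signing or TLS for this bind.
            System.out.println(args[0] + ": rejected, integrity or TLS required: " + e.getMessage());
        } catch (NamingException e) {
            System.out.println(args[0] + ": failed: " + e);
        }
    }
}
```

Whichever mode binds successfully shows which connection settings (URL scheme, authentication mechanism, qop) the application's own LDAP configuration needs to carry.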