Tuesday 13 October 2015

Getting LDAPS working in CentOS 7.1

We have a new Drupal server and wanted to connect it up to LDAP. It sits in a DC where we have no AD servers, and of course it needs LDAP so that users can log in with their AD account and not have to remember 1001 passwords, which is fair enough. That obviously has to run over LDAPS: a simple bind sends the username and password in clear text, and I don't want anyone sniffing my AD password as it crosses the internet to be authenticated.

Now when I tried to connect to the RODC over LDAPS (port 636) with ldapsearch it just failed with:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Peer's certificate issuer is not recognized...

We already had the CA cert and the RODC cert in /etc/ssl/certs, but that isn't the right thing to do: on CentOS 7 that directory is just a symlink to /etc/pki/tls/certs, and a file copied there is not picked up as a trust anchor, so Linux still doesn't actually trust our CA. (The RODC's own cert doesn't belong in the trust store at all; it is the issuing CA that needs to be trusted.) The easy way to add a CA on CentOS 7 is to drop it in the anchors directory and rebuild the trust bundles:

cp ca.cer /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

No need to worry about converting the certificate exported from the Microsoft CA into a .pem: update-ca-trust accepts PEM or DER in the anchors directory, so I used the .cer straight from our CA server and it worked a treat. I ran an LDAP test in Drupal and got the result I wanted straight away, so there was no need to restart anything... however, if you wanted to restart the server and pop to the pub while it "starts back up again" then I wouldn't blame you ;)
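Putting the steps above into one script, as an added example that is not from the original post: it installs the CA export from the Windows CA (PEM or DER) as a system trust anchor, refuses the file if it is not actually a CA certificate, rebuilds the bundles, and then checks the RODC's LDAPS endpoint two ways, with openssl against the extracted bundle and with ldapsearch as Drupal's LDAP client would do it. The RODC hostname, the ca.cer filename and the script name are assumptions; the paths are the standard CentOS 7 ones.

```shell
#!/bin/sh
# Added example (not from the original post): install a private CA as a
# CentOS 7 system trust anchor and verify an LDAPS endpoint against it.
# Assumed inputs: the CA export (ca.cer, PEM or DER) and the RODC hostname.
set -eu

ANCHOR_DIR=/etc/pki/ca-trust/source/anchors
BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem   # written by update-ca-trust extract

# Print "pem" if the file carries a Base64 BEGIN CERTIFICATE block, else "der".
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem
    else
        echo der
    fi
}

# Copy the CA into the anchors directory (as PEM) and rebuild the trust bundles.
install_ca_anchor() {
    src=$1
    dst="$ANCHOR_DIR/$(basename "$src" | sed 's/\.[^.]*$//').pem"
    if [ "$(cert_format "$src")" = pem ]; then
        cp "$src" "$dst"
    else
        # DER export from a Microsoft CA: update-ca-trust accepts DER as well,
        # but a PEM copy is easier to inspect later with openssl x509 -text.
        openssl x509 -inform DER -in "$src" -out "$dst"
    fi
    # Refuse anything that is not a CA certificate: a leaf (e.g. the RODC's
    # own cert) dropped in here would not make its issuer trusted.
    openssl x509 -in "$dst" -noout -text | grep -q 'CA:TRUE' || {
        echo "$src is not a CA certificate (no CA:TRUE basic constraint)" >&2
        rm -f "$dst"
        return 1
    }
    update-ca-trust extract
}

# Two independent checks: the TLS handshake verifies against the extracted
# bundle, then the OpenLDAP client does an anonymous rootDSE read over LDAPS.
verify_ldaps() {
    host=$1
    openssl s_client -connect "$host:636" -CAfile "$BUNDLE" </dev/null 2>&1 \
        | grep -q 'Verify return code: 0 (ok)' \
        || { echo "TLS verification of $host failed" >&2; return 1; }
    ldapsearch -H "ldaps://$host" -x -b '' -s base namingContexts >/dev/null \
        || { echo "ldapsearch over LDAPS to $host failed" >&2; return 1; }
    echo "LDAPS to $host verified against the system trust store"
}

case "${1:-}" in
    install) install_ca_anchor "$2" ;;
    verify)  verify_ldaps "$2" ;;
    *)       echo "usage: $0 install ca.cer | verify rodc.example.com" >&2 ;;
esac
```

Run `./ldaps-trust.sh install ca.cer` as root, then `./ldaps-trust.sh verify rodc.example.com`. The name you put in the ldaps:// URL has to match the CN or a SAN in the RODC's certificate, otherwise the handshake fails on the hostname even though the CA is now trusted. If openssl is happy but ldapsearch still complains, the OpenLDAP client is reading a different CA location; pointing LDAPTLS_CACERT (or TLS_CACERT in /etc/openldap/ldap.conf) at /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem makes it use the system bundle.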
