Do you have a question? Post it now! No Registration Necessary. Now with pictures!
January 19, 2006, 1:42 pm
rate this thread
pointers to the right group would be great.
I am trying to write a script that authenticates a user with AD from a
website running apache. I have apache installed with ldap support as
well as openssl and PHP. At the moment i can connect and authenticate a
user fine when i just connect to the DC on the normal unsecured port of
386. When i try to change it to port 636 for SSL it can no longer bind?
The webserver and DC are running on different servers. When i connect
using ldp.exe on the DC with SSL it will connect and bind fine. The
same happens on the webserver.
This has obviously got me a little confused and so any ideas would be
great. I capture the packets using ethereal when the site trys to bind
to LDAP using SSL and i get.
No. Time Source Destination
15 2.573579 192.168.1.191 192.168.1.69 TLS
Alert (Level: Fatal, Description: Unknown CA)
Frame 15 (61 bytes on wire, 61 bytes captured)
Ethernet II, Src: Shuttle_b5:4e:5a (00:30:1b:b5:4e:5a), Dst:
Internet Protocol, Src: 192.168.1.191 (192.168.1.191), Dst:
Transmission Control Protocol, Src Port: 1353 (1353), Dst Port: ldaps
(636), Seq: 149, Ack: 4646, Len: 7
Secure Socket Layer
TLS Record Layer: Alert (Level: Fatal, Description: Unknown CA)
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Level: Fatal (2)
Description: Unknown CA (48)
This is being sent from the machine running the webserver and where the
request came from to the DC.
When you first go to the site it asks you to accept the certificate
which it does fine.
Thanks in advance for any help