Solved

Solaris Ruby -> MS ActiveDirectory/LDAP using a certificate? (and testing with ldapsearch)

Posted on 2008-06-23
Last Modified: 2013-12-27
I am trying to make an LDAP connection from Ruby in Solaris (currently using Net::LDAP), over SSL, with a provided certificate file.

There are enough unknowns that I'm not clear where my problem is.  I've also been trying to test using OpenLDAP's ldapsearch tool.

My client provided a file, "certnew.cer".  I have Ruby built, Net::LDAP installed, OpenSSL installed, and OpenLDAP (for client tools).

Here's my ldapsearch test attempt with result:

~~~
$ ldapsearch -b 'dc=subd,dc=client,dc=com' -h adapps.subd.client.com -p 636 -Z -N certnew.cer -W SomePassword -v '(objectclass=*)'
ldapsearch: started Mon Jun 23 21:13:35 2008

ldap_init( adapps.subd.client.com, 636 )
SSL initialization failed: error -8174 (security library: bad database.)
~~~

I assume it makes more sense to get ldapsearch working before attempting this in Ruby (as my Ruby efforts fail as well, but leave more room for error on my part).

Thanks
Question by:michaelteter

Accepted Solution

by:
Nopius earned 250 total points
ID: 21852292
http://docs.sun.com/source/816-6698-10/ssl.html#18560

> Configuring Server Authentication in Clients

> When a client establishes an SSL connection with a server, it must trust the certificate presented by the server. In order to do so, the client must:

>    * Have a certificate database.

It seems you have no certificate database on a client... Read the article above on how to configure your certificate database.
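An added example, not part of the original question or answer: the same trust requirement on the Ruby side, using only Ruby's standard OpenSSL library, including the empty-store case that corresponds to a client with no certificate database. It goes one step further than the quoted text by also checking the host name. The certificates are constructed in the script, `make_cert` is a hypothetical helper, and treating `certnew.cer` as the issuing CA's certificate is an assumption.

```ruby
require 'openssl'

# Build a trust store from the raw bytes of a CA certificate file such as the
# question's certnew.cer. Certificate.new accepts both DER and PEM (Base64).
def trust_store_from(cert_bytes)
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(cert_bytes))
  store
end

# True only if the server certificate chains to a certificate in the store
# and its name matches the host the client meant to reach.
def server_trusted?(store, server_cert, host)
  store.verify(server_cert) &&
    OpenSSL::SSL.verify_certificate_identity(server_cert, host)
end

# Constructed sample certificates (hypothetical helper, no real CA or server).
# Without an issuer the result is a self-signed CA; with one it is a leaf.
def make_cert(cn, key, serial, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension('basicConstraints', issuer ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

HOST = 'adapps.subd.client.com' # host name taken from the question
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert('Constructed Test CA', CA_KEY, 1)
SERVER_CERT = make_cert(HOST, OpenSSL::PKey::RSA.new(2048), 2, issuer: CA_CERT, issuer_key: CA_KEY)
OTHER_CA = make_cert('Unrelated Test CA', OpenSSL::PKey::RSA.new(2048), 3)

if __FILE__ == $PROGRAM_NAME
  puts "CA loaded:   #{server_trusted?(trust_store_from(CA_CERT.to_der), SERVER_CERT, HOST)}"
  puts "empty store: #{server_trusted?(OpenSSL::X509::Store.new, SERVER_CERT, HOST)}"
  puts "wrong CA:    #{server_trusted?(trust_store_from(OTHER_CA.to_pem), SERVER_CERT, HOST)}"
end
```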