OpenLDAP 2.4 and Server 2008 SP2 and R2

Question: We have a couple of webservers that use OpenLDAP 2.4.19 to query AD and to reset specific domain account passwords (remote vendors and reps). I recently upgraded our last 2003 DC to 2k8 R2 and this LDAP querying broke.

I've got a guy in that location who's still testing/poking around in there. But can anyone tell me if there might have been changes in 08 that could've caused this that weren't present in 03?

OpenLDAP complains specifically about "Unable to start TLS: Connect Error"

Spelunking on my own earlier, I thought that maybe I should install the LDP role, which I did. I also installed a CA and made sure all the DCs have DC certs, which they do now.
Ben Hart asked:
markpalinux commented:

Does your Active Directory domain environment contain a certificate server?
I believe you would need a template that includes one for a domain controller, as it seems you need LDAPS (port 636, LDAP over SSL) to function.

Once a DC has a certificate in the computer certificate container that can handle domain controller duties, then after a reboot (or restart of the LDAP/AD services) it should start using the certificate and answer on 636. (Exchange 2007/2010 has self-signed certs by default; I do not believe Windows 2008 uses or has any self-signed certs by default.)

Softerra LDAP Browser is a great LDAP browser that can test an SSL connection.
I would test a connection to port 389 (unsecured LDAP) and see if that works,
then test a secure connection. If that doesn't work, get a cert and make sure the firewall is open.

Hope this helps.
Mark
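To put the two-step test Mark describes (plain port first, then the TLS side) into a repeatable form, here is an added Python 3 example; it is not from the thread and uses only the standard library. It reads the TLS settings from an ldap.conf, flags the combinations that produce OpenLDAP's "Unable to start TLS: Connect Error" (the handshake is refused because the DC's certificate cannot be verified) or that weaken verification, and then walks the TCP, handshake and certificate-verification stages against a DC. The hostnames and the sample configuration below are constructed.

```python
"""Diagnose OpenLDAP StartTLS/LDAPS failures against an AD domain controller.

Added example for this thread (not the questioner's config). Standard library only.
"""
import socket
import ssl
import sys

# ldap.conf keys that decide whether the client accepts the DC's certificate.
_TLS_KEYS = ("TLS_CACERT", "TLS_CACERTDIR", "TLS_REQCERT")


def parse_ldap_conf(text):
    """Return the TLS-relevant settings from ldap.conf-style text as a dict."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper() in _TLS_KEYS:
            settings[parts[0].upper()] = parts[1].strip()
    return settings


def explain(settings):
    """List findings about how these settings affect the TLS handshake."""
    findings = []
    # OpenLDAP defaults TLS_REQCERT to 'demand': an unverifiable server cert aborts StartTLS.
    reqcert = settings.get("TLS_REQCERT", "demand").lower()
    has_ca = "TLS_CACERT" in settings or "TLS_CACERTDIR" in settings
    if not has_ca and reqcert in ("demand", "hard"):
        findings.append(
            "no TLS_CACERT/TLS_CACERTDIR while TLS_REQCERT=%s: the DC's certificate "
            "cannot be verified, so StartTLS fails with 'Connect error'; point "
            "TLS_CACERT at the issuing CA's certificate" % reqcert)
    if reqcert in ("never", "allow"):
        findings.append(
            "TLS_REQCERT=%s weakens server verification: an impersonated DC could "
            "read the password resets sent over this connection" % reqcert)
    return findings


def probe_tls(host, port=636, cafile=None, timeout=5.0):
    """Report which stage (tcp, handshake, verification) a connection reaches."""
    result = {"tcp": False, "handshake": False, "verified": False, "error": None}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["error"] = "tcp: %s" % exc          # port closed, firewall, no DC cert yet
        return result
    result["tcp"] = True
    # Default context verifies the chain and hostname, like TLS_REQCERT demand.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            result["handshake"] = True
            result["verified"] = True
            result["peer"] = tls.getpeercert().get("subject")
    except ssl.SSLCertVerificationError as exc:
        result["handshake"] = True                 # TLS answered; our CA store rejects it
        result["error"] = "verify: %s" % exc.reason
    except (ssl.SSLError, OSError) as exc:
        result["error"] = "handshake: %s" % exc    # no TLS on this port at all
    finally:
        raw.close()
    return result


# Constructed sample: a webserver's ldap.conf with no CA configured.
SAMPLE_CONF = """\
# constructed example ldap.conf
URI ldaps://dc1.example.test
BASE dc=example,dc=test
TLS_REQCERT demand
"""

if __name__ == "__main__":
    for finding in explain(parse_ldap_conf(SAMPLE_CONF)):
        print("config:", finding)
    target = sys.argv[1] if len(sys.argv) > 1 else "dc1.example.test"   # assumed DC name
    print("probe:", probe_tls(target, cafile=sys.argv[2] if len(sys.argv) > 2 else None))
```

Run it as `python3 probe.py dc1.example.test /path/to/ca.pem` from the webserver; a result with `tcp` true but `handshake` false means the DC is not offering TLS on 636 yet (no usable certificate), while `handshake` true and a `verify:` error means the DC has a certificate but the webserver does not trust its issuer.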
 
Ben Hart (Author) commented:
Extra comment here.. I've been googling for hours now trying to find instructions on requesting an SSL certificate from the CA for this particular domain controller that is specified in the OpenLDAP config. I'm having little to no luck. I found a MSFT KB with a cut-paste of the request.inf file.. however trying to certreq it kicks back complaining about a lack of a cert template. Tried adding CertificateTemplate = Web Server to the bottom of the inf and it bombs out saying it can't find that template even though the actual template does exist.
 
Ben Hart (Author) commented:
Wow I suck.. I apologize, I had forgotten all about this question. Got sidetracked onto a Fortigate project.. ugh. Thank you for your response.