jasp101 asked:

LDAP over SSL implementation

Transitioning from 2003 domain controllers to 2012. The previous admin installed a CA on the 2003 DC (we are assuming) to enable LDAP over SSL, but it isn't functioning correctly. I can connect using ldp.exe over SSL when I'm local on the old 2003 server, but when testing from clients it doesn't work. The error is below:

ld = ldap_sslinit("server.domain.local", 636, 1);
Error 81 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to server.domain.local.

What would be the best option to get LDAP over SSL working on Server 2012? The new 2012 server is in place and all the roles have been transferred. The only thing we would currently be using it for is AD integration for our firewall, but that may change in the future. Should we migrate the CA from 2003 to 2012 and try to get that working, or get rid of the 2003 CA and import a certificate from a third party?
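As an added example (not part of the original question or of any of the answers), the PowerShell script below does from a client what ldp.exe's generic "Error 81" cannot: it opens a TLS session to port 636, captures the certificate the domain controller presents, and reports its issuer, validity dates, Server Authentication EKU, subject alternative names, and the validation errors the client's trust store raised. The hostname `server.domain.local` is the one from the question; everything else is constructed for this example. Run it on a client that fails, not on the DC itself, because the question's symptom (works locally, fails from clients) is exactly the pattern of a certificate that is expired or issued by a CA the clients do not trust.

```powershell
# Added example: probe an LDAPS endpoint from a client and show why validation fails.
# Uses only .NET classes shipped with Windows; no module needed.
param(
    [string]$Server = 'server.domain.local',   # hostname taken from the question; change for your domain
    [int]$Port = 636
)

function Test-LdapsCertificate {
    param([string]$ComputerName, [int]$Port = 636)

    $result = [ordered]@{ Server = $ComputerName; Port = $Port; TcpConnected = $false }
    $script:sslErrors = 'None'
    $script:serverCert = $null

    # Capture the certificate and the policy errors instead of letting the handshake abort,
    # so the report can say *what* failed: chain trust, name mismatch, or expiry.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $sslPolicyErrors)
        if ($certificate) {
            $script:serverCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        }
        $script:sslErrors = $sslPolicyErrors.ToString()
        # Accepting here is safe only because this script never binds or sends credentials.
        return $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ComputerName, $Port)
        $result.TcpConnected = $true
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($ComputerName)
        $result.Protocol = $ssl.SslProtocol.ToString()
        $result.Cipher   = $ssl.CipherAlgorithm.ToString()
        $ssl.Dispose()
    } catch {
        # No listener on 636 means the DC never picked up a usable certificate at all.
        $result.Error = $_.Exception.Message
    } finally {
        $tcp.Dispose()
    }

    if ($script:serverCert) {
        $c = $script:serverCert
        $result.Subject   = $c.Subject
        $result.Issuer    = $c.Issuer
        $result.NotBefore = $c.NotBefore
        $result.NotAfter  = $c.NotAfter
        $result.Expired   = ($c.NotAfter -lt (Get-Date))
        # RemoteCertificateChainErrors = the issuing CA is not trusted on this client;
        # RemoteCertificateNameMismatch = the FQDN used is not in the SAN.
        $result.ValidationErrors = $script:sslErrors

        # A DC certificate must carry the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
        $result.HasServerAuthEku = $false
        foreach ($ext in $c.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $match = $ext.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }
                $result.HasServerAuthEku = ($null -ne $match)
            }
        }
        # Subject Alternative Name (OID 2.5.29.17) must contain the DC's FQDN.
        $san = $c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) { $result.SubjectAltName = $san.Format($false) }
    }
    return [pscustomobject]$result
}

Test-LdapsCertificate -ComputerName $Server -Port $Port | Format-List
```

Read the output in this order: `TcpConnected` false means the DC is not listening on 636 (no certificate with a private key in the computer store that it will use); `Expired` true or `ValidationErrors` containing `RemoteCertificateChainErrors` means the certificate is stale or issued by a CA the client does not trust, which is why a local ldp.exe test on the server can succeed while clients fail; `HasServerAuthEku` false or an FQDN missing from `SubjectAltName` means the certificate was issued from the wrong template. Whichever CA is chosen in the end, internal or third party, the same three checks decide whether clients will accept it.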
SOLUTION
Chris Dent (United Kingdom)
jasp101 (asker):
We don't have a need for an internal CA.
jasp101 (asker):
The domain is an internal name... I asked DigiCert about it, and they are going to stop supporting internal domains at the end of this year. So I will have to either use an internal CA or rename the domain.
jasp101 (asker):
Another update. The certificate from the old 2003 CA was expired. After renewing it and waiting for everything to update, I can connect via ldp.exe over SSL. I guess my next step is to migrate the CA to the new 2012 DC.
ASKER CERTIFIED SOLUTION