LDAP with TLS

Started by Sch.Donat, August 03, 2020, 10:43:33 PM


Sch.Donat

Hi!

When NetXMS is connecting to an LDAP server using the ldaps protocol (secure LDAP), what certificate store does it use to verify the LDAP server's certificate? I'm trying to connect to a server which uses a certificate that is signed by a Root CA that is in the same network (intranet, so no internet access), so basically it's a self-signed certificate. The Root CA's certificate is added to Windows's cert store, and I also added it to the openssl.exe program that is shipped with NetXMS, but the connection is terminated after the TLS server hello message. In the NetXMS log there is not much; it says that it couldn't connect to the server.

Regards

Victor Kirhenshtein

Hi,

we are using the LDAP client provided by Windows (Wldap32.dll), so I suppose it has to use the Windows certificate store for the root CA certificate. There is no mention in the documentation of any specific requirements for the LDAP client to work over TLS. Are you sure that your LDAP server picks up the correct certificate and actually supports secure connections? As I remember, it is quite a tricky process to set up a Windows LDAP server for TLS. Did you check the LDAPS connection with other tools (ldp.exe, for example)?

Best regards,
Victor

Sch.Donat

Hi!

Thanks for the clarification!

The problem was that I only added the trusted CA to my Windows account and not the system. After I did the latter, it worked fine.

Regards
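As an added example (not code from the thread or from the NetXMS project), a PowerShell check that reflects the resolution above: confirm the root CA is trusted in the LocalMachine Root store, which is the one a Windows service using Wldap32.dll relies on, and then exercise the LDAPS handshake through that same Windows LDAP client via System.DirectoryServices.Protocols. The server name, port and CA thumbprint are placeholders to be replaced.

```powershell
# Added example, not from the original thread. Placeholders: $LdapServer,
# $Port and $CaThumbprint must be replaced with the values of your environment.
param(
    [string]$LdapServer   = 'ldap.example.internal',          # placeholder
    [int]   $Port         = 636,
    [string]$CaThumbprint = 'PLACEHOLDER_ROOT_CA_THUMBPRINT'  # placeholder
)

# 1. Where is the root CA trusted? Trust only in CurrentUser\Root is what caused
#    the failure in the thread: the NetXMS service does not run as that user,
#    so the CA must be present in LocalMachine\Root.
foreach ($store in 'CurrentUser', 'LocalMachine') {
    $found = Get-ChildItem "Cert:\$store\Root" |
             Where-Object { $_.Thumbprint -eq $CaThumbprint }
    $state = if ($found) { 'trusted' } else { 'NOT trusted' }
    "{0,-12} Root store: {1}" -f $store, $state
}

# 2. Open an LDAPS session with Wldap32.dll, the same client library NetXMS uses.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($LdapServer, $Port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous

# Print the server certificate and its chain status so a trust failure names the
# issuer instead of surfacing only as "could not connect". Note: run interactively,
# chain building also consults CurrentUser\Root, so step 1 remains the authoritative
# check for what a service account will trust.
$conn.SessionOptions.VerifyServerCertificate = {
    param($connection, $certificate)
    $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
    Write-Host "Server cert subject: $($cert2.Subject)"
    Write-Host "Server cert issuer:  $($cert2.Issuer)"
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $ok = $chain.Build($cert2)
    foreach ($s in $chain.ChainStatus) { Write-Host "Chain status: $($s.Status) $($s.StatusInformation)" }
    return $ok   # reject the session unless the chain builds to a trusted root
}

try {
    $conn.Bind()
    "LDAPS handshake and bind to ${LdapServer}:${Port} succeeded"
} catch {
    "LDAPS connection failed: $($_.Exception.Message)"
} finally {
    $conn.Dispose()
}
```

If step 1 shows the CA only under CurrentUser, importing it into `Cert:\LocalMachine\Root` (for example with `Import-Certificate` from an elevated session) is the change the thread's author described as the fix.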