From: VG on 20 Jul 2006 05:17

Hello.

I am trying to connect (LDAP) to a win2003 AD with a 3rd party application. I get this error message from Softerra LDAP browser:

00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece

And this error message from the 3rd party application:

[LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]

How do I change the LDAP configuration to allow normal connection with an admin account?

I will be thankful for all help in this matter.

From: Joe Richards [MVP] on 20 Jul 2006 14:17

This means that your third party app is probably using simple binds without using SSL/TLS. This is generally considered to be insecure because passwords are passed in the clear across the network. Also it means the application is susceptible to possible man in the middle attacks.

Check out the section on "Domain Controller: LDAP Server signing requirements" in the KB article

http://support.microsoft.com/kb/823659

as well as

http://technet2.microsoft.com/WindowsServer/en/library/56044016-3123-4859-8fd9-c5a461a1c5c81033.mspx?mfr=true

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
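
An added example, not part of the original posts: a small triage helper that splits the two error strings quoted in the question into their fields and flags the "signing or SSL/TLS required" case described in the reply. The function names and the two lookup tables are assumptions made for this illustration; 0x2028 (8232) is the Win32 code ERROR_DS_STRONG_AUTH_REQUIRED and LDAP result code 8 is strongerAuthRequired in RFC 4511.

```python
import re

# Constructed sample inputs: the two error strings quoted in the question.
BROWSER_ERR = ("00002028: LdapErr: DSID-0C09018A, comment: The server requires "
               "binds to turn on integrity checking if SSL\\TLS are not already "
               "active on the connection, data 0, vece")
APP_ERR = "[LDAP: error code 8 - " + BROWSER_ERR + " ]"

# Mappings needed for this case only (assumed helper tables, not exhaustive).
LDAP_RESULT = {8: "strongerAuthRequired"}                # RFC 4511 result code
WIN32_ERROR = {0x2028: "ERROR_DS_STRONG_AUTH_REQUIRED"}  # 8232 decimal

AD_DIAG = re.compile(
    r"(?:\[LDAP: error code (?P<ldap>\d+) - )?"   # prefix seen in the app's message
    r"(?P<win32>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]{8}), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), (?P<tag>\w+)"
)

def parse_ad_ldap_error(text):
    """Split an AD LDAP diagnostic message into its fields, or return None."""
    m = AD_DIAG.search(text)
    if m is None:
        return None
    win32 = int(m.group("win32"), 16)   # leading 8 hex digits are a Win32 code
    ldap = int(m.group("ldap")) if m.group("ldap") else None
    return {
        "ldap_code": ldap,
        "ldap_name": LDAP_RESULT.get(ldap),
        "win32_code": win32,
        "win32_name": WIN32_ERROR.get(win32),
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "data": m.group("data"),
    }

def needs_protected_bind(parsed):
    """True when the DC rejected the bind for lacking signing or SSL/TLS."""
    return parsed is not None and (
        parsed["win32_code"] == 0x2028 or parsed["ldap_code"] == 8)

if __name__ == "__main__":
    for msg in (BROWSER_ERR, APP_ERR):
        p = parse_ad_ldap_error(msg)
        print(p["win32_name"], p["dsid"],
              "-> protected bind required:", needs_protected_bind(p))
```

When the helper flags a client, the fix on the client side is a bind over LDAPS or StartTLS, or a SASL bind that negotiates signing, rather than relaxing the domain controller's signing requirement.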

From: VG on 20 Jul 2006 15:19

Thank you for the very useful links.