Hi everybody
I am using cacti 0.8.7b on a CentOS machine, and i wanna use the SSL or TLS encryption, but it doesn't work. Without encryption everything works fine.
this are my settings for none Encryption:
server: test.domain.com
Port Standard: 389
Port SSL: 636
Protocol: 3
Encryption: None
No searching
Distinguished Name (DN): <username>@test.domain.com
Search Base: dc=test,dc=domain,dc=com
and this for Encryption:
server: test.domain.com
Port Standard: 389
Port SSL: 636
Protocol: 3
Encryption: SSL or TLS
No searching
Distinguished Name (DN): <username>@test.domain.com
Search Base: dc=test,dc=domain,dc=com
The error messages are the following:
LDAP Error: General bind error, LDAP result: Can't contact LDAP server
or when i try to use TSL
LDAP Error: Protocol error, unable to start TLS communications
What is the problem? i saw an other post and the developer told there that he never tested this!
LDAP TLS SSL
Moderators: Developers, Moderators
I'm going to assume you're using Active Directory as the LDAP server.
You need to install a certificate on the domain controller. See http://support.microsoft.com/kb/321051 for instructions. Once you install the cert you can test it out using ldp (start/run/ldp). Try connecting to your server on port 636 using SSL. If everything is setup right then it will connect. You'll also see something like Host supports SSL, SSL cipher strength = 128 bits somewhere in the messages it spits out. If the certificate wasn't installed correctly then it won't connect.
After you get the server accepting LDAPS connections you'll need to configure your linux host to connect using SSL. My post at http://forums.cacti.net/viewtopic.php?t=31115 has instructions on how to do so.
You don't have to configure the binding section. I know I told you that in the pm I sent earlier, but I just tested it out and it works even if Cacti is set to "No Searching".
Good luck.
You need to install a certificate on the domain controller. See http://support.microsoft.com/kb/321051 for instructions. Once you install the cert you can test it out using ldp (start/run/ldp). Try connecting to your server on port 636 using SSL. If everything is setup right then it will connect. You'll also see something like Host supports SSL, SSL cipher strength = 128 bits somewhere in the messages it spits out. If the certificate wasn't installed correctly then it won't connect.
After you get the server accepting LDAPS connections you'll need to configure your linux host to connect using SSL. My post at http://forums.cacti.net/viewtopic.php?t=31115 has instructions on how to do so.
You don't have to configure the binding section. I know I told you that in the pm I sent earlier, but I just tested it out and it works even if Cacti is set to "No Searching".
Good luck.
A certificate on the domain controller is a requirement. If you can't get that installed, then I don't think you're going to get this working.
From MS:
There is no user interface for configuring LDAPS. Installing a valid certificate on a domain controller permits the LDAP service to listen for, and automatically accept, SSL connections for both LDAP and global catalog traffic.
From MS:
There is no user interface for configuring LDAPS. Installing a valid certificate on a domain controller permits the LDAP service to listen for, and automatically accept, SSL connections for both LDAP and global catalog traffic.
Who is online
Users browsing this forum: No registered users and 3 guests