LDAP win2003/SSL


Guest

Hello.

I am trying to connect (LDAP) to a win2003 AD with a 3rd party application.
I get this error message from Softerra LDAP browser:

00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn
on integrity checking if SSL\TLS are not already active on the connection,
data 0, vece

And this error message from the 3rd party application:

[LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server
requires binds to turn on integrity checking if SSL\TLS are not already
active on the connection, data 0, vece ]

How do I change the LDAP configuration to allow normal connection with an
admin account?

I will be thankful for all help in this matter.
 
This means that your third party app is probably using simple binds
without using SSL/TLS. This is generally considered to be insecure
because passwords are passed in the clear across the network. Also it
means the application is susceptible to possible man in the middle attacks.

Check out the section on "Domain Controller: LDAP Server signing
requirements" in the KB article

http://support.microsoft.com/kb/823659

as well as

http://technet2.microsoft.com/Windo...3123-4859-8fd9-c5a461a1c5c81033.mspx?mfr=true



--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
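
A triage helper for the error quoted in this thread, added here as an example and not code from any poster: it parses the Active Directory diagnostic string and flags rejections of binds that were neither signed nor made over SSL/TLS, so the offending clients can be found in application logs. The function names are hypothetical; 00002028 is Win32 error 8232 (ERROR_DS_STRONG_AUTH_REQUIRED), LDAP result code 8 is strongerAuthRequired in RFC 4511, and the third sample message is constructed.

```python
import re

# Layout of the AD diagnostic message seen in the thread:
#   <Win32 error, 8 hex digits>: LdapErr: DSID-<id>, comment: <text>, data <n>, <tag>
AD_DIAG = re.compile(
    r"(?P<win32>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+)"
)
# Wrapper used by the third-party application: "[LDAP: error code N - ...]"
APP_CODE = re.compile(r"LDAP: error code (?P<code>\d+)")

LDAP_STRONGER_AUTH_REQUIRED = 8          # RFC 4511 resultCode
ERROR_DS_STRONG_AUTH_REQUIRED = 0x2028   # Win32 error 8232


def parse_ad_error(text):
    """Return the fields of an AD LDAP diagnostic message, or None if absent."""
    flat = " ".join(text.split())  # undo line wrapping from logs or mail
    m = AD_DIAG.search(flat)
    if m is None:
        return None
    code = APP_CODE.search(flat)
    return {
        "ldap_result": int(code.group("code")) if code else None,
        "win32": int(m.group("win32"), 16),
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "data": m.group("data"),  # kept as text; AD prints it in hex
    }


def is_unsigned_bind_rejection(text):
    """True when the server refused a bind that was neither signed nor over SSL/TLS."""
    err = parse_ad_error(text)
    if err is None or err["win32"] != ERROR_DS_STRONG_AUTH_REQUIRED:
        return False
    return err["ldap_result"] in (None, LDAP_STRONGER_AUTH_REQUIRED)


# The two messages quoted in the question, with their original line wrapping.
BROWSER_MSG = r"""00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn
on integrity checking if SSL\TLS are not already active on the connection,
data 0, vece"""
APP_MSG = "[LDAP: error code 8 - " + BROWSER_MSG + " ]"
# Constructed message for a different failure (placeholder DSID and tag).
OTHER_MSG = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, "
             "comment: AcceptSecurityContext error, data 52e, v0000 ]")
```

A client that trips this check needs to bind over SSL/TLS or with signing enabled, as the reply above describes.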
 
Thank you for very useful links.

 