LDAPS - The TLS connection request has failed

[jzimmer 1]

We are going from LDAP to LDAPS. our data center is in AWS. 

 

Our ldap fqdn points to a cname and that points to a load blancer. 

 

I have loaded our LDAPS cert onto the server and it looks good. but when I switch from LDAP to LDAPS it fails to log in with a default message in passwordstate:

Failed 'Active Directory' login attempt for UserID 'yyy\zzzz' from the IP Address 'yy.yy.yy.yy'. Possible incorrect Username or Password, or this could also be caused by restricted Logon Hours in Active Directory.

 

I pulled up event viewer and found this in the log:

The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is hhhhhh.elb.us-east-1.amazonaws.com. The TLS connection request has failed. The attached data contains the server certificate.

 

it seems for some reason when password state sends the LDAPS request, it is looking for the name the cname points to, and not the cname itself. We have other systems running webservers with this same set up and it works. So it is not a set up issue.

 

I was wondering if there is a way to not care if the cert name matches the host name, or any other way for me to get LDAPS to work.

[support 214]

Hi jzimmer,

I've done a code review, and we do not appear to have any checks on the cert name as mentioned - basically our code is identical for LDAP and LDAPS, but with LDAPS we use a different port number. And we use the domain details you specific on the screen Administration -> Active Directory Domains.

Are you still using version 7, since you posted in the part of the forums? If so, we'd suggest upgrading to version 8 and try again - version 7 will be out of support soon as well, as soon as we've released version 9.

Regards

Click Studios

[jzimmer 1]

Whoops, i posted in the wrong area, i am on Version 8.8.

 

I am going to move this to to 8.x form