
LDAPS - The TLS connection request has failed


jzimmer


We are going from LDAP to LDAPS. Our data center is in AWS. 

 

Our LDAP FQDN points to a CNAME and that points to a load balancer.

 

I have loaded our LDAPS cert onto the server and it looks good, but when I switch from LDAP to LDAPS it fails to log in with a default message in Passwordstate:

Failed 'Active Directory' login attempt for UserID 'yyy\zzzz' from the IP Address 'yy.yy.yy.yy'. Possible incorrect Username or Password, or this could also be caused by restricted Logon Hours in Active Directory.

 

I pulled up event viewer and found this in the log:

The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is hhhhhh.elb.us-east-1.amazonaws.com. The TLS connection request has failed. The attached data contains the server certificate.

 

It seems for some reason when Passwordstate sends the LDAPS request, it is looking for the name the CNAME points to, and not the CNAME itself. We have other systems running webservers with this same setup and it works. So it is not a setup issue.

 

I was wondering if there is a way to not care if the cert name matches the host name, or any other way for me to get LDAPS to work.

 

Current Version 8.8
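The event log entry above is a TLS hostname check: the client compared the name it expected (the ELB name the CNAME resolves to) against the certificate's Subject Alternative Names and found no match. The following is an added example, not code from the thread or from Passwordstate, that shows how to check whether a certificate's dNSName SAN entries cover both the alias you configure and the canonical name it resolves to, using the RFC 6125 matching rules that Windows SChannel and OpenSSL apply. The alias `ldap.example.com` and the SAN lists are constructed values; the ELB name is the one quoted in the log.

```python
"""Check whether a certificate's SAN entries cover every name a client might
verify: the configured alias and the canonical name the CNAME resolves to."""
import socket
from typing import Iterable


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style dNSName match: case-insensitive, wildcard allowed only as
    the entire left-most label, and a wildcard never spans more than one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Partial wildcards ("ld*.example.com") and "*.com" are rejected.
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def missing_names(san_dns: Iterable[str], expected: Iterable[str]) -> list[str]:
    """Return the expected names that no SAN dNSName entry covers."""
    sans = list(san_dns)
    return [name for name in expected
            if not any(hostname_matches(p, name) for p in sans)]


def canonical_name(host: str) -> str:
    """Network helper: follow the CNAME chain and return the canonical name
    the resolver reports, i.e. the name the log says the client expected."""
    return socket.getaddrinfo(host, None, flags=socket.AI_CANONNAME)[0][3]


if __name__ == "__main__":
    # Constructed sample: the cert was issued for the alias only.
    alias = "ldap.example.com"                       # hypothetical alias
    target = "hhhhhh.elb.us-east-1.amazonaws.com"    # ELB name from the log
    san_alias_only = ["ldap.example.com"]
    san_both = ["ldap.example.com", "*.elb.us-east-1.amazonaws.com"]
    print("alias-only cert misses:", missing_names(san_alias_only, [alias, target]))
    print("alias+ELB cert misses:", missing_names(san_both, [alias, target]))
```

Running the script prints the ELB name as missing for the alias-only certificate, which matches the failure reported in the event log, and an empty list once the SAN also covers the canonical name.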


Hi jzimmer,

 

I've done a code review, and we do not appear to have any checks on the cert name as mentioned - basically our code is identical for LDAP and LDAPS, but with LDAPS we use a different port number. And we use the domain details you specify on the screen Administration -> Active Directory Domains.

If you bypass your Load Balancer for this, are you able to get it working in that instance?

Regards

Click Studios
