Re: Secure LDAP




Here is the error I'm getting:

Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36876
Date: 8/24/2005
Time: 7:38:41 AM
User: N/A
Computer: Comptuer01
Description:
The certificate received from the remote server has not validated correctly.
The error code is 0x80090322. The SSL connection request has failed. The
attached data contains the server certificate.

"Kevin Antel" <kevina@xxxxxxxxxxx> wrote in message
news:%23aT36GBqFHA.2696@xxxxxxxxxxxxxxxxxxxxxxx
> Couldn't reboot the server just yet. So, I can't get the logging out of
> it. I will post it in the a.m. tomorrow.
>
> Thanks for your help!
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
> in message news:Ogwqf9AqFHA.2960@xxxxxxxxxxxxxxxxxxxxxxx
>> I know absolutely nothing about Novell LDAP, so I can't help you there.
>>However, the LDAP and SSL client stuff in the .NET API (assuming you are
>>using System.DirectoryServices and not Mono or the Novell C# LDAP
>>libraries) goes through the MS LDAP API and Schannel for SSL.
>>
>> What did the Schannel debugging tell you?
>>
>> Joe K.
>>
>> "Kevin Antel" <kevina@xxxxxxxxxxx> wrote in message
>> news:eSfsQvAqFHA.820@xxxxxxxxxxxxxxxxxxxxxxx
>>> Thanks for the insight.
>>>
>>> Quick question, you ever get a certificate to work for SLDAP from a
>>> Novell Server, connecting through an IIS 5.0 .NET API?
>>>
>>> If so, was there a document that guided you to setting up this
>>> environment?
>>>
>>> Thanks again!
>>>
>>> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
>>> wrote in message news:%236Jsrb0pFHA.1464@xxxxxxxxxxxxxxxxxxxxxxx
>>>> If the code running in IIS is using an MS LDAP API to connect (LDAP
>>>> API, ADSI or .NET System.DirectoryServices), then you can enable
>>>> Schannel logging on the IIS box to get more information about what is
>>>> going wrong in the SSL negotiation that causes the connect to fail.
>>>>
>>>> http://support.microsoft.com/?id=260729
>>>>
>>>> This has helped me many times. You still need to know a little bit
>>>> about certificates and such to interpret the errors, but it is much
>>>> better than what you have without it.
>>>>
>>>> Joe K.
>>>>
>>>> "Kevin Antel" <kevina@xxxxxxxxxxx> wrote in message
>>>> news:OQdAgY0pFHA.764@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Well, certainly, I think those tools would work. I guess my problem
>>>>> is bigger. I received a certificate from the Novell Server, and I am
>>>>> trying to have a web application verify login information from our IIS
>>>>> 5.0 box, to their Novell LDAP server, using SLDAP. We can get the
>>>>> unsecured to work just fine. It's when I try secured, that we aren't
>>>>> making any headway. So, I was hoping I could try using some other
>>>>> tools, to find out if my developers were missing something.
>>>>>
>>>>> Any thoughts?
>>>>>
>>>>>
>>>>>
>>>>> "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
>>>>> news:uOrXw2zpFHA.2784@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> Command line?
>>>>>>
>>>>>> You're thinking something like ldapmodify?
>>>>>>
>>>>>> The tools that I'm familiar with that come with the OS would be AD
>>>>>> focused and may not work against your directory. Now, if you wanted
>>>>>> a GUI version, then LDP.EXE would be the easy choice. Is that not an
>>>>>> option?
>>>>>>
>>>>>> Why does it need to be command line? Maybe there's another way to do
>>>>>> what you're after.
>>>>>>
>>>>>> al
>>>>>>
>>>>>> "Kevin Antel" <kevina@xxxxxxxxxxx> wrote in message
>>>>>> news:ewB3GSzpFHA.708@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> I have a configuration where I am connecting to a Novell LDAP server,
>>>>>>> using SLDAP from a Windows 2000 server. Are there command-line tools
>>>>>>> in 2000 to allow me to test the connection manually? So I can see
>>>>>>> what's going on?
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
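
An added example, not part of the thread or any poster's code: the status 0x80090322 in the Schannel event above is SEC_E_WRONG_PRINCIPAL in winerror.h, meaning the name the client connected with does not match a name in the server certificate. The sketch below extracts the code from the event text, compares a connect name against a certificate DNS name, and includes a live LDAPS handshake check; the host names and the `probe` helper are assumptions made for illustration.

```python
import re
import socket
import ssl

# SSPI status values Schannel logs for certificate failures (winerror.h).
SSPI_STATUS = {
    0x80090322: "SEC_E_WRONG_PRINCIPAL",  # cert name != name the client asked for
    0x80090325: "SEC_E_UNTRUSTED_ROOT",   # issuing CA not in the trusted root store
    0x80090328: "SEC_E_CERT_EXPIRED",     # outside the certificate validity period
}

def schannel_status(event_text):
    """Pull the hex status out of a Schannel event description and name it."""
    m = re.search(r"error code is (0x[0-9A-Fa-f]{8})", event_text)
    if not m:
        return None
    code = int(m.group(1), 16)
    return SSPI_STATUS.get(code, "unknown 0x%08X" % code)

def name_matches(host, cert_name):
    """DNS names only: case-insensitive, '*' covers just the left-most label."""
    h = host.lower().rstrip(".").split(".")
    c = cert_name.lower().rstrip(".").split(".")
    if len(h) != len(c):
        return False
    if c[0] == "*" and len(c) > 2:  # refuse over-broad patterns such as *.com
        return h[1:] == c[1:]
    return h == c

def probe(host, port=636, cafile=None):
    """Handshake with an LDAPS listener; return 'ok' or the verifier's reason."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: the server's CA cert
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message  # separates name mismatch from untrusted issuer

# Description text as posted in the thread.
EVENT = (
    "The certificate received from the remote server has not validated "
    "correctly. The error code is 0x80090322. The SSL connection request "
    "has failed."
)

if __name__ == "__main__":
    print(schannel_status(EVENT))
    # Constructed names: app connects by IP, certificate issued to a DNS name.
    print(name_matches("10.0.0.5", "ldap.example.com"))
```

With this status the usual fix is to connect using the exact name the certificate was issued to, or to have the certificate reissued with the name the application uses.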

