On 27. sep. 2017 15:17, Roger Aas wrote:
> > Maybe the AD server only supports SSL/TLS protocol versions that the nav server does not like because of security issues (SSL2/3 or possibly even TLS1.0). Or the AD server requires TLS1.2 and the nav server does not handle this?
> > It could also be related to which cipher suites are supported by the different ends.
> > Best regards Sigmund Augdal
> But you said you are using a Windows AD server for LDAP also? What version? We use a mix of 2012R2 and 2016 here, I have tried both, but with the same result.
> Roger
No, we are not using AD for this. It's just our webfront.conf that resembles what you tried to do.
Another idea: the ldap library NAV uses also ships with a CLI tool (ldapsearch). Using this tool should trigger most of the same code paths as NAV, while hopefully giving better feedback on the errors.
Examples:
Dummy search using starttls:
ldapsearch -Z -x -H ldap://ldap.uninett.no:389
using SSL:
ldapsearch -x -H ldaps://ldap.uninett.no:636
Best regards
Sigmund
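As an added illustration (my own code, not from this thread and not part of NAV), the following standard-library Python script does at the protocol level what the two ldapsearch commands above do, but opens one connection per TLS version so that a protocol-version or cipher mismatch of the kind suspected earlier in the thread shows up directly as which versions the server accepts. The host name passed in is a placeholder for the real LDAP/AD server.

```python
import socket
import ssl
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation
VERSIONS = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)

def build_starttls_request(message_id=1):
    # LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] LDAPOID } };
    # short-form BER lengths suffice because every element here is under 128 bytes
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID
    op = b"\x77" + bytes([len(name)]) + name
    mid = b"\x02\x01" + bytes([message_id])
    return b"\x30" + bytes([len(mid) + len(op)]) + mid + op

def _tlv(buf, pos):
    # One BER element at pos -> (tag, value, position after it); handles long-form lengths
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_extended_response(data):
    # Returns (resultCode, diagnosticMessage) from an ExtendedResponse [APPLICATION 24]
    _, msg, _ = _tlv(data, 0)           # outer LDAPMessage SEQUENCE
    _, _, pos = _tlv(msg, 0)            # messageID
    tag, op, _ = _tlv(msg, pos)
    if tag != 0x78:
        raise ValueError("unexpected protocolOp 0x%02x" % tag)
    _, code, pos = _tlv(op, 0)          # resultCode ENUMERATED
    _, _, pos = _tlv(op, pos)           # matchedDN
    _, diag, _ = _tlv(op, pos)          # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")

def probe_tls_versions(host, port=389, starttls=True, timeout=5):
    # One fresh connection per TLS version, since StartTLS can only be issued once per session
    results = {}
    for ver in VERSIONS:
        try:
            ctx = ssl.create_default_context()
            ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # protocol probe, not a cert check
            ctx.minimum_version = ctx.maximum_version = ver
            with socket.create_connection((host, port), timeout=timeout) as sock:
                if starttls:
                    sock.sendall(build_starttls_request())
                    code, diag = parse_extended_response(sock.recv(4096))  # reply is a few dozen bytes
                    if code != 0:
                        raise ValueError("StartTLS refused, resultCode %d %s" % (code, diag))
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    results[ver.name] = "ok, cipher %s" % tls.cipher()[0]
        except (OSError, ValueError) as exc:
            results[ver.name] = "failed: %s" % exc
    return results
```

Call probe_tls_versions("ldap.example.org") for StartTLS on 389, or probe_tls_versions("ldap.example.org", 636, starttls=False) for ldaps. Certificate verification is disabled on purpose, so the result says which protocol versions and ciphers the server negotiates and nothing about certificate validity.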