2014/1/16 Alan Osborne <[email protected]>

> Hi,
>
> I've created a self-signed certificate using certreq, imported that into
> the Trusted Root store on the DC, imported it into the Trusted Root store
> on a Windows 7 client machine, and successfully established an SSL
> encrypted connection on port 3269 (the DC is a global catalog) using LDAP
> Admin.
>
> To try to get LTB SSP working with LDAPS, I have modified the
> config.inc.php file as follows:
>
> $ldap_url = "ldaps://fqdn_of_dc_which_matches_subject_cn_value_of_cert:3269";
> $ad_mode = true;
> $samba_mode = false;
> $who_change_password = "manager";
>
> In the /etc/ldap/ldap.conf file, I've added:
>
> TLS_REQCERT
>
> Then, I restarted apache2.
>
> I'm still seeing these messages in the Apache2 logs:
>
> [error] [client 192.168.x.x] PHP Warning: ldap_mod_replace(): Modify:
> Server is unwilling to perform in
> /usr/share/self-service-password/lib/functions.inc.php on line 275,
> referer: https://ltb_ssp_ip/self-service/index.php
>
> [error] [client 192.168.x.x] LDAP - Modify password error 53 (Server is
> unwilling to perform), referer: https://ltb_ssp_ip/self-service/index.php
>
> Not sure what else to try…

Seems you are using the catalog port (3269) which is read-only. Use the standard SSL port (636).

Clément.

_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
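
A preflight check for the setup discussed in this thread, as an added example that is not part of the original messages or LTB SSP's own code: it flags a `$ldap_url` on a global catalog port (3269 as in the reply, plus its non-SSL counterpart 3268), a `TLS_REQCERT` line in ldap.conf that is empty or set to a level that skips certificate validation, and counts the error 53 lines in the Apache log. The hostname, file contents and function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

GC_PORTS = {3268, 3269}              # AD global catalog ports (read-only, per the reply)
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
WEAK_REQCERT = {"never", "allow"}    # OpenLDAP levels that accept an unverified server cert

def check_ldap_url(config_text):
    """Flag a $ldap_url that points password writes at a global catalog port."""
    m = re.search(r'\$ldap_url\s*=\s*"([^"]+)"', config_text)
    if not m:
        return ["no $ldap_url found"]
    url = urlparse(m.group(1))
    port = url.port or DEFAULT_PORT.get(url.scheme)
    if port in GC_PORTS:
        return [f"{url.hostname}:{port} is a global catalog port (read-only); use 636"]
    return []

def check_reqcert(ldap_conf_text):
    """Flag TLS_REQCERT lines with no value or with verification turned off."""
    findings = []
    for line in ldap_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments, split keyword/value
        if parts and parts[0].upper() == "TLS_REQCERT":
            level = parts[1].lower() if len(parts) > 1 else None
            if level is None:
                findings.append("TLS_REQCERT has no value")
            elif level in WEAK_REQCERT:
                findings.append(f"TLS_REQCERT '{level}' does not enforce certificate validation")
    return findings

def count_error_53(log_text):
    """Count 'Modify password error 53' lines written by the application."""
    return len(re.findall(r"LDAP - Modify password error 53\b", log_text))

# Constructed sample inputs modelled on the post (hostname and paths are placeholders).
SAMPLE_CONFIG = '$ldap_url = "ldaps://dc01.example.test:3269";\n$ad_mode = true;\n'
SAMPLE_LDAP_CONF = "TLS_CACERT /etc/ssl/certs/dc-root.pem\nTLS_REQCERT never\n"
SAMPLE_LOG = (
    "[error] [client 192.168.x.x] LDAP - Modify password error 53 "
    "(Server is unwilling to perform), referer: https://ltb_ssp_ip/self-service/index.php\n"
)

if __name__ == "__main__":
    for finding in check_ldap_url(SAMPLE_CONFIG) + check_reqcert(SAMPLE_LDAP_CONF):
        print("WARN:", finding)
    print("error 53 lines:", count_error_53(SAMPLE_LOG))
```

With a self-signed DC certificate already exported, pointing `TLS_CACERT` at it keeps validation on instead of lowering `TLS_REQCERT`.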
