2014-06-09 19:22 GMT+02:00 Marcio Rufino <[email protected]>:

> First, congratulations on the project ... looks good!
> I'm trying to configure the LTB to provide a method to change the password
> of users in Active Directory.
> I made several configurations but cannot access the ldap.
> Follow my settings:
>
> AD: 172.16.1.198
> Debian: 172.16.1.220 (with apache and php5 running)
>
> config.inc.php
> # LDAP
> $ldap_url = "ldaps://172.16.1.198";
> $ldap_binddn = "cn=admin,dc=teste,dc=local";
> $ldap_bindpw = "p@ssw0rd";
> $ldap_base = "dc=teste,dc=local";
> $ldap_login_attribute = "uid";
> $ldap_fullname_attribute = "cn";
> $ldap_filter =
> "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
>
> # Active Directory mode
> $ad_mode = true;
> # Force account unlock when password is changed
> $ad_options['force_unlock'] = false;
> # Force user change password at next login
> $ad_options['force_pwd_change'] = false;
>
> # Hash mechanism for password:
> $hash = "SSHA";
>
> :. the rest of this default
>
> /etc/ldap/ldap.conf
> BASE dc=teste,dc=local
> URI ldaps://172.16.1.198
> TLS_CERT /etc/ssl/certs/certificado.pem
>
> This /etc/ssl/certs/certificado.pem was generated in AD as certificado.cer
> On linux begotten him as certificado.pem
>
> Anyone know what might be missing?
>

You need the CA cert and not the server cert on your Linux box. Get CA cert from AD and configure it with TLS_CACERT.
Clément.
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
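
The point of the reply above, as an added example that is not part of the original thread or of the LTB project: a small shell lint for an OpenLDAP client `ldap.conf` that flags a missing `TLS_CACERT`/`TLS_CACERTDIR` and a `TLS_CERT` line used as if it were a trust anchor. It goes one step beyond the thread by also flagging `TLS_REQCERT never|allow`. The function names and the `/etc/ssl/certs/ad-ca.pem` path are assumptions; the first sample is the file as posted, the second is constructed.

```shell
#!/bin/sh
# check_ldap_conf reads an ldap.conf on stdin, prints findings, and returns 0
# only if a CA trust anchor is set and certificate verification is not relaxed.
check_ldap_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        {
            key = toupper($1); val = tolower($2)   # option names are case-insensitive
            if (key == "TLS_CACERT" || key == "TLS_CACERTDIR") ca = 1
            else if (key == "TLS_CERT") cert = 1
            else if (key == "TLS_REQCERT" && (val == "never" || val == "allow")) weak = 1
        }
        END {
            if (cert) print "WARN: TLS_CERT is the client certificate (user-only option), not a trust anchor"
            if (weak) print "FAIL: TLS_REQCERT relaxes or disables server certificate verification"
            if (!ca)  print "FAIL: no TLS_CACERT/TLS_CACERTDIR; the server certificate cannot be validated"
            if (ca && !weak) { print "OK: CA trust anchor configured"; exit 0 }
            exit 1
        }
    '
}

# /etc/ldap/ldap.conf exactly as quoted in the message above.
posted_conf() {
    cat <<'EOF'
BASE dc=teste,dc=local
URI ldaps://172.16.1.198
TLS_CERT /etc/ssl/certs/certificado.pem
EOF
}

# Constructed corrected version; the CA file path is a hypothetical placeholder
# for the AD issuing CA certificate exported in PEM form.
fixed_conf() {
    cat <<'EOF'
BASE dc=teste,dc=local
URI ldaps://172.16.1.198
TLS_CACERT /etc/ssl/certs/ad-ca.pem
TLS_REQCERT demand
EOF
}

echo "== posted ==";    posted_conf | check_ldap_conf || true
echo "== corrected =="; fixed_conf  | check_ldap_conf
```

To lint the live file, run `check_ldap_conf < /etc/ldap/ldap.conf`.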
