Classification: UNCLASSIFIED
Caveats: NONE

Mike,

You are able to log in without SSL, correct? If you feel that your certs are correct then you have to focus on the AREA LDAP form. BMC support wasn't very helpful and not many people have implemented LDAP authentication for Remedy. You have to remember the cn= or ou= prefixes on the Distinguished Name, User Base and User search Filter fields when configuring the AREA LDAP. Take a look at the arplugin.log file when you connect successfully without SSL and then enable SSL, try logging in and look at the log again. You can send me the log and I'll take a look at it. Is port 636 open on both sides?

Alex Alicea
Systems Developer, NetOPS Cell
Army Global-Network Operations and Security Center (AGNOSC)
COMM:(703)706-2202 DSN 235 FAX:(703)706-1117
[EMAIL PROTECTED] [EMAIL PROTECTED]
https://www.us.army.mil/suite/page/391911

From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of DeBord, Mike
Sent: Friday, August 03, 2007 11:26 PM
To: arslist@ARSLIST.ORG
Subject: AREA LDAP SSL 6.3 Plugin Cores

Hello list.

It's been a while since my last post. I've been in the .NET world for a while. I just wanted to post my ordeal in trying to get LDAP over SSL going. I am using LDAP without SSL currently. I have been struggling for weeks trying to get SSL going. After much correspondence with BMC support, logs, patches, etc., I finally was able to get the certificate imported into the cert7.db file. It seems like black magic. However, to test it I was never able to verify it by navigating in Netscape to the LDAP server because of an authentication window that pops up when I navigate to the LDAP server. I tried my credentials, the distinguished name and password, I even had the AD admin try to log in. No go. Can't get past the dialog box.

The AD LDAP server is Windows 2003. I found a 2000 LDAP server online that I was able to connect to without authentication and download the certificate via Netscape. Documentation would have been great if we were running 2000 AD. Seems there are some changes in 2003.

Anyway, every time I enable SSL the arplugin dies and core dumps. Nice. I have an open issue/ticket with BMC and it is currently escalated to level 3 support. I am awaiting a debug version of the plugin with additional logging for additional testing.

I can understand everyone's frustration with this functionality as the documentation is very poor. It was 2 weeks in correspondence before I finally got a good document from support to import the certificate. We are pursuing PCI compliance and SSL LDAP authentication is a requirement, or so I'm told.

Does anyone have LDAP/SSL working on the following environment?

Connecting to: 2003 Active Directory - LDAP
ARS 6.3 Patch 22
Solaris 10
Oracle 10g

Thanks in advance.

Mike DeBord

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
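
Added example, not part of the original thread and not BMC's or either poster's code: a small Python probe that separates the three failure points the reply asks about (port 636 reachable, TLS handshake completes, server certificate validates), run from the ARS host independently of the plugin. Assumptions: the host name is a placeholder, and the optional CA file is a PEM export of the issuing CA; the script does not read cert7.db.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (stage, detail) naming the first step of an LDAPS connect that fails.

    stage is "tcp" (port not reachable), "tls" (handshake failed),
    "trust" (server certificate did not validate) or "ok".
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"cannot reach {host}:{port}: {exc}")

    # cafile=None uses the system trust store; pass the issuing CA as PEM to
    # trust only that CA (assumption: you have it exported as a PEM file).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return ("ok", f"{tls.version()} subject={cert.get('subject')} "
                          f"notAfter={cert.get('notAfter')}")
    except ssl.SSLCertVerificationError as exc:
        return ("trust", f"certificate rejected: {exc.verify_message}")
    except (ssl.SSLError, OSError) as exc:
        return ("tls", f"handshake failed: {exc}")
    finally:
        raw.close()


if __name__ == "__main__":
    # ldap.example.com is a placeholder, not a host from the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.com"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(probe_ldaps(target, cafile=ca))
```

A "tcp" result points at the firewall or listener, "tls" at the SSL service on the directory server, and "trust" at the CA chain or the name in the certificate.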