Your best option for a Secure connection to Active Directory is to use the CA EEM (Enterprise Entitlements Manager) that comes with Spectrum 9.0. You can configure EEM to use LDAPS to talk to the AD Server, then have Spectrum authentication done via the EEM Application. Bob Palma * Lead Architect * CIBER, Inc
________________________________ From: Stallcup, Phillip L. [mailto:[email protected]] Sent: Wed 1/7/2009 6:17 PM To: spectrum Subject: [spectrum] Spectrum OneClick and LDAPS I'm trying to get our OneClick server to authenticate against our Microsoft 2003 AD Domain. I've gone through the steps in the docs and have everything working using standard LDAP. Unfortunately, this passes authentication in clear text to AD - which is simply unacceptable. Enabling LDAPS fails with the following message. Exception: javax.naming.CommunicationException: simple bind failed: {IPscrubbed}:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate contains unsupported critical extensions: [2.5.29.17]] I've tried with version 8.1 and version 9.0 (the idea that the newer version with 9 would have fixed this problem) - but both do the same thing. Searching on the web, I've found references to this being a Java problem - but so far all the recommended solutions have failed. So far CA Support has not come up with a solution either. I'm hoping that we aren't the only people trying to get this working with Microsoft server PKI infrastructure and that someone has run into this and has a solution that works. Thanks, Phillip L Stallcup, CCNA IT Network Architect INTEGRIS Health [email protected] (405) 951-2088 (405) 951-9972 fax This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply). --- To unsubscribe from spectrum, send email to [email protected] with the body: unsubscribe spectrum [email protected] --- To unsubscribe from spectrum, send email to [email protected] with the body: unsubscribe spectrum [email protected]
