ACS 4.2 Generic LDAP with SSL

cstamataras · ‎10-16-2012

Dear all,

I have ACS 4.2 and try to configure it with Generic LDAP.

Unfortunately, the TLS is enabled on the AD and so the SSL checkbox must be enabled on the ACS configuration, and the port to be changed to 636.

I have joined the server in the domain where the LDAP is.

I have installed the root certificate in the ACS server.

I have installed the domain controller certificate in the ACS server.

I have all those in the trusted list of CAs in the application and in the OS.

I can query the LDAP with the same settings with a 3rd party application with the same user as the one configured in ACS, and it works.

The config is:

The ip address of the primary dc,

port 636,

Use LDAPv3 (as it is on the ldap server)

Use secure authentication

Use the already installed and trusted Root CA certificate

the user with which I used in the 3rd party application and it could query the domain.

Still, when I try to query the LDAP, it does not work giving an error that

External DB reports about an error condition

I put a sniffer and I saw that the primary DC sends its' certificate and immediately after that the ACS server replies with Unknown CA.

Any ideas why?

Chris

mmletzko · ‎10-30-2012

I have a similar issue. Trying to set up EAP-TLS against an ADAM instance (Generic LDAP) with ACS 4.2. I'm not able to enumerate the directory (not sure if this works anyway - have never worked with LDAP in ACS before) or authenticate against it. I can successfully authenticate against the same AD using EAP-TLS via windows (user and machine), but it's not working as LDAP. I'm also getting the "External DB reports about an error condition" message in the failed log.