SSL/TLS clients binds fail to Solaris 10 06/06 DS5.2p4 Server
hello all,
this is a bizarre issue that i think is related to the solaris version that is running on the directory server, at least this appears to the the issue. i have 2 SunDS servers running solaris 10 06/06 and the other solaris 10 01/06 with DS5.2p4. both have SSL enabled, the certs i signed with my own CA which i maintain with tinyca2. the directory starts fine and is listening on both 389(ldap) and 636(ldaps). i am able to successfully bind to both servers on the non-secure ports fine, commands like getent, finger, id are pulling the people from the directory. when i enable the clients to use ssl/tls those same commands fail against the solaris 10 06/06 machine but NOT the solaris 10 01/06 server. on the linux machines i'm getting "nscd: pam_ldap: could not search LDAP server" errors and on the solaris machines "Mesg: openConnection: failed to initialize TLS security" and "libsldap: Status: 7 Mesg: Session error no available conn."
using "ldapsearch -x -ZZ" from the clients is successful to both systems, and i can use "openssl s_client" to view the certs fine. another bizzare occurance is when i do "getent passwd" i see the local and ldap users but "getent passwd ldap_user" will return nothing. again this are against the solaris 10 06/06 machine.
has anyone see this before? i'm going to open a service request for sun on this but i wanted to see if anyone else has run into this.
there was a problem with the certificate db which was causing this.
Similar Messages
-
OpenSSL SSL/TLS Man-In-The-Middle Injection Attack CVE-2014-0224
Can some help me to fix Open SSL Issue in Windows server 2008 R2 CVE-2014-0224 , Please advice
Hi,
From the description on Open SSL site, it is fixed in newer versions so could you update to the new version?
https://www.openssl.org/news/vulnerabilities.html
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
CVE-2014-0224: 5th June 2014
An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. (original advisory).
Reported by KIKUCHI Masashi (Lepidum Co. Ltd.).
Fixed in OpenSSL 1.0.1h (Affected 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
Fixed in OpenSSL 1.0.0m (Affected 1.0.0l, 1.0.0k, 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0)
Fixed in OpenSSL 0.9.8za (Affected 0.9.8y, 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8e, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)
If you have any feedback on our support, please send to [email protected] -
Transport error 202 bind failed address already in use
how to rectify -- transport error 202 bind failed address already in use-- while running CA server
i have created new production and pub server, first i runned production server after that while running CA server i got that error. if i run CA server independently its runningIt seems like a port conflict issue. You should check rmi and other ports in the configuration file for the component /atg/dynamo/Configuration in the localconfig of your production and publishing servers directories under <ATG>\home\servers. Also, your app server should be configured to run two separate instances for production and publishing server as per the http ports specified in /atg/dynamo/Configuration.
-
Hello, I´m stucked with this problem for 3 weeks now.
I´m not able to configure the EAP-TLS autentication.
In the "Certificate Store" of the ISE server I have Installed the Root, policy and the Issuing certificates as "trust for client authentication",and in the Local store I have a certificate issuing for the same issuing authority which sign the thw client ones.
The ISE´s certificate has been issued with the "server Authentication certificate" template.
The clients have installed the certificates also the certificate chain.
When I try to authenticate the wireless clients I allways get the same error: " Authentication failed : 12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain"
and "OpenSSLErrorMessage=SSL alert
code=0x230=560 ; source=local ; type=fatal ; message="Unknown CA - error self-signed certificate in chain",OpenSSLErrorStack= 1208556432:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2720"
I don´t know what else can I do.
Thank you
JorgeHi Rik,
the Below are the certificate details
ISE Certificate Signed by XX-CA-PROC-06
User PKI Signed by XX-CA-OTHER-08
In ISE certificate Store i have the below certificates
XX-CA-OTHER-08 signed by XX-CA-ROOT-04
XX-CA-PROC-06 signed by XX-CA-ROOT-04
XX-CA-ROOT-04 signed by XX-CA-ROOT-04
ISE certificate signed by XX-CA-PROC-06
I have enabled - 'Trust for client authentication' on all three certificates
this is unchecked - 'Enable Validation of Certificate Extensions (accept only valid certificate)'
when i check the certificates of current user in the Client PC this is how it shows.
XX-CA-ROOT-04 is listed in Trusted root Certification Authority
and XX-CA-PROC-06 and XX-CA-OTHER-08 are in Intermediate Certificate Authorities -
12520 EAP-TLS failed SSL/TLS handshake because the client rejected the ISE local-certificate
Hi guys,
I have root CA and intermediate CA in ISE local certificate store trusted for client authentication.
I have imported both root ca and client certificate in the device I want to authenticate, but ISE keeps spitting out this error :
12520 EAP-TLS failed SSL/TLS handshake because the client rejected the ISE local-certificateRefer the link for troubleshooting in page no 22 the issue is mentioned, check it: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_81_troubleshooting_failed_authc.pdf
-
Hi,
I am using 802.1x and EAP-TLS as authentication protocol. The clients are not able to pass the authentication the error log on ACS is
Authentication failed: EAP-TLS handshake failed SSL/TLS handshake because of an unknown CA in the client certification chain.
I have installed certificates on the WLC and ACS, however authentication is unsuccessful.
Can anybody help regarding this issue.Hi Sandeep,
Web auth certificate is defult certificate in wlc but you can also use your own(3rd party).
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/70584-csr-wlc-00.html
Virtual interface : This interface handles any mobility management, VPN Termination, Web authentication, and is also a DHCP relay for WLAN clients.
Yes its interconnected, the purpose for this entry is so that the controller knows the name of the of the certificates to virtual address translation.
1. Guest Client go to google.com
2. Client goes to DNS (the one its is assign in DHCP)
3. DNS resolves the DNS for google.com
4. Client then attempts to go to google.com
5. Controller intercepts GET and replaces it with a 1.1.1.1
6. Controller then takes the 1.1.1.1 and translates this to the DNS name to negat the (accpet this cert screen)
7. DNS then gets resolve to the name (example guest.xxx.com)
8. Controller presents the guest screen
Hope it helps.
Regards
Dont forget to rate helpful posts -
Hello There,
I need some help from DSEE or LDAP experts.
I am trying to configure DSEE 6.3.1 to use SSL(tls:simple).
*{color:#0000ff}I have Simple(non-SSL) method working just fine and*
**Also ldapsearch command works fine with simple and SSL methods*{color}**. So I know my certs are good but I just can not make ldap clien to work*
*I followed this document [http://brandonhutchinson.com/wiki/Soup_To_Nuts_Sun_DSEE#Solaris_10_instructions]*
I am using
ldapclient -v init -a profileName=profile3 -a certificatePath=/var/ldap -a domainName=mydomain.com -a proxyDN="cn=proxyagent,ou=pro*file,dc=mydomain,dc=com" -a proxyPassword=XXXXX ldap200.mydomain.com*
Here is the output
+Parsing profileName=profile3+
+Parsing certificatePath=/var/ldap+
+Parsing domainName=mydomain.com+
+Parsing proxyDN=cn=proxyagent,ou=profile,dc=mydomain,dc=com+
+Parsing proxyPassword=xxxxx+
+Arguments parsed:+
+domainName: mydomain.com+
+proxyDN: cn=proxyagent,ou=profile,dc=mydomain,dc=com+
+profileName: profile3+
+proxyPassword: xxxxx+
+defaultServerList: ldap200.mydomain.com+
+certificatePath: /var/ldap+
+Handling init option+
+About to configure machine by downloading a profile+
+findBaseDN: begins+
+findBaseDN: ldap not running+
+findBaseDN: calling __ns_ldap_default_config()+
+found 1 namingcontexts+
+findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain=mydomain.com))"+
+rootDN[0] dc=mydomain,dc=com+
+found baseDN dc=mydomain,dc=com for domain mydomain.com+
+Proxy DN: cn=proxyagent,ou=profile,dc=mydomain,dc=com+
+Proxy password: {NS1}67eb0f447bc0f619+
+Credential level: 1+
+Authentication method: 3+
+About to modify this machines configuration by writing the files+
+Stopping network services+
+sendmail not running+
+nscd not running+
+autofs not running+
+ldap not running+
+nisd not running+
+nis(yp) not running+
+file_backup: stat(/etc/nsswitch.conf)=0+
+file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)+
+file_backup: stat(/etc/defaultdomain)=0+
+file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)+
+file_backup: stat(/var/nis/NIS_COLD_START)=-1+
+file_backup: No /var/nis/NIS_COLD_START file.+
+file_backup: nis domain is "mydomain.com"+
+file_backup: stat(/var/yp/binding/mydomain.com)=-1+
+file_backup: No /var/yp/binding/mydomain.com directory.+
+file_backup: stat(/var/ldap/ldap_client_file)=-1+
+file_backup: No /var/ldap/ldap_client_file file.+
+Starting network services+
+start: /usr/bin/domainname mydomain.com... success+
+start: sleep 100000 microseconds+
+start: sleep 200000 microseconds+
+start: network/ldap/client:default... success+
+restart: sleep 100000 microseconds+
+restart: sleep 200000 microseconds+
+restart: milestone/name-services:default... success+
+System successfully configured+
+When I run+
*It takes long time and then*
*+ldaplist: Object not found (Session error no available conn.+*
*+)+*
{color:#0000ff}The command logins also takes long time and does not show any LDAP users.{color}
*+{color:#ff6600}Here is the output from cachemgr.log on client*+*
*+{color}+*
+Tue Jul 14 12:16:07.8984 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log+
+Tue Jul 14 12:16:07.9391 sig_ok_to_exit(): parent exiting...+
+Tue Jul 14 12:16:17.9511 getldap_set_refresh_ttl:(6) refresh ttl is 300 seconds+
+Tue Jul 14 12:16:38.0741 getldap_set_refresh_ttl:(6) refresh ttl is 150 seconds+
+Tue Jul 14 12:16:38.0755 Error: Unable to refresh profile:profile3:Session error no available conn.+
+Tue Jul 14 12:16:38.0756 Error: Unable to update from profile+
+{color:#ff6600}Here is the out from /var/adm/messages.+
+{color:#000000}Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 293258 daemon.warning] libsldap: Status: 81 Mesg: openConnection: simple bind fai{color}+{color:#000000}+led - Can't contact LDAP server+
+Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 292100 daemon.warning] libsldap: could not remove 192.168.190.146 from servers list+
+Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: Session error no available conn.+
+Jul 14 12:16:38 ldap300 ldap_cachemgr[19726]: [ID 186574 daemon.error] Error: Unable to refresh profile:profile3: Session error no available conn.+
+Jul 14 12:16:38 ldap300 /usr/lib/nfs/nfsmapid[19731]: [ID 293258 daemon.warning] libsldap: Status: 81 Mesg: openConnection: simple+ +bind failed - Can't contact LDAP server+
+Jul 14 12:16:38 ldap300 /usr/lib/nfs/nfsmapid[19731]: [ID 292100 daemon.warning] libsldap: could not remove 192.168.190.146 from servers list+
+Jul 14 12:16:38 ldap300 /usr/lib/nfs/nfsmapid[19731]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: Session error no avaible conn.+
*ANY HELP IS GREATLY APPRECIATED*
*THANKS*
Edited by: PranavPatel on Jul 14, 2009 12:41 PM
Edited by: PranavPatel on Jul 14, 2009 12:46 PMHere is the the profile from Server
Non-editable attributes
dn: cn=profile3,ou=profile,dc=mydomain,dc=com
authenticationmethod: tls:simple
bindtimelimit: 10
cn: profile3
credentiallevel: proxy
defaultsearchbase: dc=mydomain,dc=com
defaultsearchscope: one
defaultserverlist: 192.168.190.146 192.168.11.221
followreferrals: FALSE
objectclass: top
objectclass: DUAConfigProfile
profilettl: 43200
searchtimelimit: 30
serviceauthenticationmethod: passwd-cmd:tls:simple
serviceauthenticationmethod: keyserv:tls:simple
serviceauthenticationmethod: pam_ldap:tls:simple
Editable attributes:
createtimestamp: 20090714180638Z
creatorsname: cn=directory manager
entrydn: cn=profile3,ou=profile,dc=mydomain,dc=com
entryid: 26
hassubordinates: FALSE
modifiersname: cn=directory manager
modifytimestamp: 20090714180638Z
nsuniqueid: f37fa281-70a011de-80b5f403-069e0ba9
numsubordinates: 0
parentid: 13
subschemasubentry: cn=schema
And here is the output of
*# ldapclient list*
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=mydomain,dc=com
+NS_LDAP_BINDPASSWD= {NS1}67eb0f447bc0f619+
NS_LDAP_SERVERS= 192.168.190.146, 192.168.11.221
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=com
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= profile3
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_BIND_TIME= 10
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:tls:simple
NS_LDAP_SERVICE_AUTH_METHOD= keyserv:tls:simple
NS_LDAP_SERVICE_AUTH_METHOD= passwd-cmd:tls:simple
NS_LDAP_HOST_CERTPATH= /var/ldap
Edited by: PranavPatel on Jul 14, 2009 1:08 PM -
How Redirect browser(client) based on non-negotiable SSL/TLS protocol or cipher
Hi guys,
we have a security requirement wherein we have to force the browsers accessing our asp.net application hosted on windows server 2012 to have atleast tsl 1.1 , but we don't want to simply block the request, instead we would like to redirect the request
to a unsecured static html page with the instructions on how to get them onto tsl.
can any one help me here?>? actually i found a similar and exactly same thread on stackoverflow but i think that is probably directed towards linux family. http://serverfault.com/questions/591188/redirect-browser-based-on-non-negotiable-ssl-tls-protocol-or-cipher
please help me guys..
ps: i have posted the same question on IIS forum (http://forums.iis.net/t/1223352.aspx?How+Redirect+browser+client+based+on+non+negotiable+SSL+TLS+protocol+or+cipher+from+IIS)
and got a reply saying that it can be done at windows kernel level(possibly).Hi,
As far as I know, once SSL handshake fails, no subsequent communication would occur between the server and client.
Therefore, as the way I see it, the goal cannot be achieved.
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] -
Solaris 8, pam_ldap and SSL/TLS
Has anyone got the experience of compiling and installing pam_ldap (padl version) with ssl/tls support on Solaris 8? I tried compiling pam_ldap with Netscape LDAP SDK, but it failed to compile ldap_ssl.h . So I am wondering... is that something I can do on solaris 8? (I am using iDS 5.1)
Error received on compilation:
# ./configure with-ldap-lib=netscape5 with-ldap-dir=/ldapsdk
loading cache ../config.cache
checking host system type... sparc-sun-solaris2.8
checking target system type... sparc-sun-solaris2.8
checking build system type... sparc-sun-solaris2.8
checking for a BSD compatible install... ../install-sh -c
checking whether build environment is sane... yes
checking for mawk... no
checking for gawk... no
checking for nawk... nawk
checking whether make sets ${MAKE}... yes
checking for working aclocal... missing
checking for working autoconf... found
checking for working automake... missing
checking for working autoheader... found
checking for working makeinfo... missing
checking for gnutar... no
checking for gtar... no
checking for tar... tar
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking how to run the C preprocessor... gcc -E
checking for a BSD compatible install... ../install-sh -c
checking for security/pam_appl.h... yes
checking for security/pam_misc.h... no
checking for security/pam_modules.h... yes
checking for pam/pam_appl.h... no
checking for pam/pam_misc.h... no
checking for pam/pam_modules.h... no
checking for des.h... no
checking for crypt.h... yes
checking for lber.h... yes
checking for ldap.h... yes
checking for ldap_ssl.h... yes
checking for main in -ldl... yes
checking for main in -lpam... yes
checking for main in -lresolv... yes
checking for main in -lcrypt... yes
checking for main in -lnsl... yes
checking for gethostbyname... yes
checking for main in -lldap50... yes
checking for main in -lpthread... yes
checking for ldap_init... yes
checking for ldap_get_lderrno... yes
checking for ldap_set_lderrno... yes
checking for ldap_parse_result... yes
checking for ldap_memfree... yes
checking for ldap_controls_free... yes
checking for ldap_set_option... yes
checking for ldap_get_option... yes
checking for ldapssl_init... yes
checking for ldap_start_tls_s... no
checking for ldap_pvt_tls_set_option... no
checking for ldap_initialize... no
checking for gethostbyname_r... yes
checking whether gethostbyname_r takes 6 arguments... 5
checking for ldap_set_rebind_proc... yes
checking whether ldap_set_rebind_proc takes 3 arguments... 3
updating cache ../config.cache
creating ./config.status
creating Makefile
creating config.h
# make
cd . && /padl/pam_ldap-161/missing aclocal
WARNING: `aclocal' is missing on your system. You should only need it if
you modified `acinclude.m4' or `configure.in'. You might want
to install the `Automake' and `Perl' packages. Grab them from
any GNU archive site.
cd . && /padl/pam_ldap-161/missing automake --gnu Makefile
WARNING: `automake' is missing on your system. You should only need it if
you modified `Makefile.am', `acinclude.m4' or `configure.in'.
You might want to install the `Automake' and `Perl' packages.
Grab them from any GNU archive site.
cd . && autoconf
/bin/sh ../config.status --recheck
running /bin/sh ./configure with-ldap-lib=netscape5 with-ldap-dir=/ldapsdk no-create no-recursion
checking build system type... sparc-sun-solaris2.8
checking host system type... sparc-sun-solaris2.8
checking target system type... sparc-sun-solaris2.8
checking for a BSD-compatible install... ../install-sh -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
checking for working aclocal... missing
checking for working autoconf... found
checking for working automake... missing
checking for working autoheader... found
checking for working makeinfo... missing
checking for gnutar... no
checking for gtar... no
checking for tar... tar
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking how to run the C preprocessor... gcc -E
checking for a BSD-compatible install... ../install-sh -c
checking for egrep... egrep
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... no
checking for unistd.h... yes
checking security/pam_appl.h usability... yes
checking security/pam_appl.h presence... yes
checking for security/pam_appl.h... yes
checking security/pam_misc.h usability... no
checking security/pam_misc.h presence... no
checking for security/pam_misc.h... no
checking security/pam_modules.h usability... no
checking security/pam_modules.h presence... yes
configure: WARNING: security/pam_modules.h: present but cannot be compiled
configure: WARNING: security/pam_modules.h: check for missing prerequisite headers?
configure: WARNING: security/pam_modules.h: proceeding with the preprocessor's result
configure: WARNING: ## ------------------------------------ ##
configure: WARNING: ## Report this to [email protected]. ##
configure: WARNING: ## ------------------------------------ ##
checking for security/pam_modules.h... yes
checking pam/pam_appl.h usability... no
checking pam/pam_appl.h presence... no
checking for pam/pam_appl.h... no
checking pam/pam_misc.h usability... no
checking pam/pam_misc.h presence... no
checking for pam/pam_misc.h... no
checking pam/pam_modules.h usability... no
checking pam/pam_modules.h presence... no
checking for pam/pam_modules.h... no
checking des.h usability... no
checking des.h presence... no
checking for des.h... no
checking crypt.h usability... yes
checking crypt.h presence... yes
checking for crypt.h... yes
checking lber.h usability... yes
checking lber.h presence... yes
checking for lber.h... yes
checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking ldap_ssl.h usability... no
checking ldap_ssl.h presence... yes
configure: WARNING: ldap_ssl.h: present but cannot be compiled
configure: WARNING: ldap_ssl.h: check for missing prerequisite headers?
configure: WARNING: ldap_ssl.h: proceeding with the preprocessor's result
configure: WARNING: ## ------------------------------------ ##
configure: WARNING: ## Report this to [email protected]. ##
configure: WARNING: ## ------------------------------------ ##
checking for ldap_ssl.h... yes
checking for main in -ldl... yes
checking for main in -lpam... yes
checking for main in -lresolv... yes
checking for main in -lcrypt... yes
checking for main in -lnsl... yes
checking for gethostbyname... yes
checking for main in -lldap50... yes
checking for main in -lpthread... yes
checking for ldap_init... yes
checking for ldap_get_lderrno... yes
checking for ldap_set_lderrno... yes
checking for ldap_parse_result... yes
checking for ldap_memfree... yes
checking for ldap_controls_free... yes
checking for ldap_set_option... yes
checking for ldap_get_option... yes
checking for ldapssl_init... yes
checking for ldap_start_tls_s... no
checking for ldap_pvt_tls_set_option... no
checking for ldap_initialize... no
checking for gethostbyname_r... yes
checking whether gethostbyname_r takes 6 arguments... 5
checking for ldap_set_rebind_proc... yes
checking whether ldap_set_rebind_proc takes 3 arguments... 3
configure: creating ../config.status
cd . \
&& CONFIG_FILES=Makefile CONFIG_HEADERS= /bin/sh ./config.status
config.status: creating Makefile
config.status: executing default-1 commands
gcc -DHAVE_CONFIG_H -DLDAP_REFERRALS -D_REENTRANT -I/ldapsdk/include -g -O2 -Wall -fPIC -c -o pam_ldap.o pam_ldap.c
gcc -DHAVE_CONFIG_H -DLDAP_REFERRALS -D_REENTRANT -I/ldapsdk/include -g -O2 -Wall -fPIC -c -o md5.o md5.c
/usr/ccs/bin/ld -o pam_ldap.so -B dynamic -M ../exports.solaris -G -B group -lc -L/ldapsdk/lib -R/ldapsdk/lib pam_ldap.o md5.o -lpthread -lldap50 -lssldap50 -lssl3 -lnss3 -lnspr4 -lprldap50 -lplc4 -lplds4 -lnsl -lcrypt -lresolv -lpam -ldl
cd . && autoheader
WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot'
WARNING: and `config.h.top', to define templates for `config.h.in'
WARNING: is deprecated and discouraged.
WARNING: Using the third argument of `AC_DEFINE' and
WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without
WARNING: `acconfig.h':
WARNING: AC_DEFINE([NEED_MAIN], 1,
WARNING: [Define if a function `main' is needed.])
WARNING: More sophisticated templates can also be produced, see the
WARNING: documentation.
cd . \
&& CONFIG_FILES= CONFIG_HEADERS=config.h \
/bin/bash ../config.status
config.status: creating config.h
config.status: executing default-1 commandsHas anyone got the experience of compiling and installing pam_ldap (padl version) with ssl/tls support on Solaris 8? I tried compiling pam_ldap with Netscape LDAP SDK, but it failed to compile ldap_ssl.h . So I am wondering... is that something I can do on solaris 8? (I am using iDS 5.1)
Error received on compilation:
# ./configure with-ldap-lib=netscape5 with-ldap-dir=/ldapsdk
loading cache ../config.cache
checking host system type... sparc-sun-solaris2.8
checking target system type... sparc-sun-solaris2.8
checking build system type... sparc-sun-solaris2.8
checking for a BSD compatible install... ../install-sh -c
checking whether build environment is sane... yes
checking for mawk... no
checking for gawk... no
checking for nawk... nawk
checking whether make sets ${MAKE}... yes
checking for working aclocal... missing
checking for working autoconf... found
checking for working automake... missing
checking for working autoheader... found
checking for working makeinfo... missing
checking for gnutar... no
checking for gtar... no
checking for tar... tar
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking how to run the C preprocessor... gcc -E
checking for a BSD compatible install... ../install-sh -c
checking for security/pam_appl.h... yes
checking for security/pam_misc.h... no
checking for security/pam_modules.h... yes
checking for pam/pam_appl.h... no
checking for pam/pam_misc.h... no
checking for pam/pam_modules.h... no
checking for des.h... no
checking for crypt.h... yes
checking for lber.h... yes
checking for ldap.h... yes
checking for ldap_ssl.h... yes
checking for main in -ldl... yes
checking for main in -lpam... yes
checking for main in -lresolv... yes
checking for main in -lcrypt... yes
checking for main in -lnsl... yes
checking for gethostbyname... yes
checking for main in -lldap50... yes
checking for main in -lpthread... yes
checking for ldap_init... yes
checking for ldap_get_lderrno... yes
checking for ldap_set_lderrno... yes
checking for ldap_parse_result... yes
checking for ldap_memfree... yes
checking for ldap_controls_free... yes
checking for ldap_set_option... yes
checking for ldap_get_option... yes
checking for ldapssl_init... yes
checking for ldap_start_tls_s... no
checking for ldap_pvt_tls_set_option... no
checking for ldap_initialize... no
checking for gethostbyname_r... yes
checking whether gethostbyname_r takes 6 arguments... 5
checking for ldap_set_rebind_proc... yes
checking whether ldap_set_rebind_proc takes 3 arguments... 3
updating cache ../config.cache
creating ./config.status
creating Makefile
creating config.h
# make
cd . && /padl/pam_ldap-161/missing aclocal
WARNING: `aclocal' is missing on your system. You should only need it if
you modified `acinclude.m4' or `configure.in'. You might want
to install the `Automake' and `Perl' packages. Grab them from
any GNU archive site.
cd . && /padl/pam_ldap-161/missing automake --gnu Makefile
WARNING: `automake' is missing on your system. You should only need it if
you modified `Makefile.am', `acinclude.m4' or `configure.in'.
You might want to install the `Automake' and `Perl' packages.
Grab them from any GNU archive site.
cd . && autoconf
/bin/sh ../config.status --recheck
running /bin/sh ./configure with-ldap-lib=netscape5 with-ldap-dir=/ldapsdk no-create no-recursion
checking build system type... sparc-sun-solaris2.8
checking host system type... sparc-sun-solaris2.8
checking target system type... sparc-sun-solaris2.8
checking for a BSD-compatible install... ../install-sh -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
checking for working aclocal... missing
checking for working autoconf... found
checking for working automake... missing
checking for working autoheader... found
checking for working makeinfo... missing
checking for gnutar... no
checking for gtar... no
checking for tar... tar
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking how to run the C preprocessor... gcc -E
checking for a BSD-compatible install... ../install-sh -c
checking for egrep... egrep
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... no
checking for unistd.h... yes
checking security/pam_appl.h usability... yes
checking security/pam_appl.h presence... yes
checking for security/pam_appl.h... yes
checking security/pam_misc.h usability... no
checking security/pam_misc.h presence... no
checking for security/pam_misc.h... no
checking security/pam_modules.h usability... no
checking security/pam_modules.h presence... yes
configure: WARNING: security/pam_modules.h: present but cannot be compiled
configure: WARNING: security/pam_modules.h: check for missing prerequisite headers?
configure: WARNING: security/pam_modules.h: proceeding with the preprocessor's result
configure: WARNING: ## ------------------------------------ ##
configure: WARNING: ## Report this to [email protected]. ##
configure: WARNING: ## ------------------------------------ ##
checking for security/pam_modules.h... yes
checking pam/pam_appl.h usability... no
checking pam/pam_appl.h presence... no
checking for pam/pam_appl.h... no
checking pam/pam_misc.h usability... no
checking pam/pam_misc.h presence... no
checking for pam/pam_misc.h... no
checking pam/pam_modules.h usability... no
checking pam/pam_modules.h presence... no
checking for pam/pam_modules.h... no
checking des.h usability... no
checking des.h presence... no
checking for des.h... no
checking crypt.h usability... yes
checking crypt.h presence... yes
checking for crypt.h... yes
checking lber.h usability... yes
checking lber.h presence... yes
checking for lber.h... yes
checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking ldap_ssl.h usability... no
checking ldap_ssl.h presence... yes
configure: WARNING: ldap_ssl.h: present but cannot be compiled
configure: WARNING: ldap_ssl.h: check for missing prerequisite headers?
configure: WARNING: ldap_ssl.h: proceeding with the preprocessor's result
configure: WARNING: ## ------------------------------------ ##
configure: WARNING: ## Report this to [email protected]. ##
configure: WARNING: ## ------------------------------------ ##
checking for ldap_ssl.h... yes
checking for main in -ldl... yes
checking for main in -lpam... yes
checking for main in -lresolv... yes
checking for main in -lcrypt... yes
checking for main in -lnsl... yes
checking for gethostbyname... yes
checking for main in -lldap50... yes
checking for main in -lpthread... yes
checking for ldap_init... yes
checking for ldap_get_lderrno... yes
checking for ldap_set_lderrno... yes
checking for ldap_parse_result... yes
checking for ldap_memfree... yes
checking for ldap_controls_free... yes
checking for ldap_set_option... yes
checking for ldap_get_option... yes
checking for ldapssl_init... yes
checking for ldap_start_tls_s... no
checking for ldap_pvt_tls_set_option... no
checking for ldap_initialize... no
checking for gethostbyname_r... yes
checking whether gethostbyname_r takes 6 arguments... 5
checking for ldap_set_rebind_proc... yes
checking whether ldap_set_rebind_proc takes 3 arguments... 3
configure: creating ../config.status
cd . \
&& CONFIG_FILES=Makefile CONFIG_HEADERS= /bin/sh ./config.status
config.status: creating Makefile
config.status: executing default-1 commands
gcc -DHAVE_CONFIG_H -DLDAP_REFERRALS -D_REENTRANT -I/ldapsdk/include -g -O2 -Wall -fPIC -c -o pam_ldap.o pam_ldap.c
gcc -DHAVE_CONFIG_H -DLDAP_REFERRALS -D_REENTRANT -I/ldapsdk/include -g -O2 -Wall -fPIC -c -o md5.o md5.c
/usr/ccs/bin/ld -o pam_ldap.so -B dynamic -M ../exports.solaris -G -B group -lc -L/ldapsdk/lib -R/ldapsdk/lib pam_ldap.o md5.o -lpthread -lldap50 -lssldap50 -lssl3 -lnss3 -lnspr4 -lprldap50 -lplc4 -lplds4 -lnsl -lcrypt -lresolv -lpam -ldl
cd . && autoheader
WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot'
WARNING: and `config.h.top', to define templates for `config.h.in'
WARNING: is deprecated and discouraged.
WARNING: Using the third argument of `AC_DEFINE' and
WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without
WARNING: `acconfig.h':
WARNING: AC_DEFINE([NEED_MAIN], 1,
WARNING: [Define if a function `main' is needed.])
WARNING: More sophisticated templates can also be produced, see the
WARNING: documentation.
cd . \
&& CONFIG_FILES= CONFIG_HEADERS=config.h \
/bin/bash ../config.status
config.status: creating config.h
config.status: executing default-1 commands -
Solaris 10 DS5.2Q4 with SSL/TLS with Replicaton
I have been working on configuring DS5.2Q4 on Solaris 10 11/06. I have been successful with Gary Tay's documentation (a few changes for new syntax and svcs). My current configuration only has one ldap server and using self signed certs.
I would now like to move to the next step of maintaining my ssl/tls but adding another master with replication.
Here are a couple of my questions.
1) How do I configure my clients to work with both replication master servers. I am a little confused since the certs in my client are assigned to only one of my masters. Do both masters need the same cert, or is there a way to allow for both certs to be loated on the client (/var/ldap).
2) Enable secure replication. I have not looked too deep into this yet, but that is my plan.
As a final note, I would like to thank Gary Tay for all of his feedback and documentation. I find that Sun often lacks step by step procedures for tasks such as this. Thanks!I have been working on configuring DS5.2Q4 on Solaris 10 11/06. I have been successful with Gary Tay's documentation (a few changes for new syntax and svcs). My current configuration only has one ldap server and using self signed certs.
I would now like to move to the next step of maintaining my ssl/tls but adding another master with replication.
Here are a couple of my questions.
1) How do I configure my clients to work with both replication master servers. I am a little confused since the certs in my client are assigned to only one of my masters. Do both masters need the same cert, or is there a way to allow for both certs to be loated on the client (/var/ldap).
2) Enable secure replication. I have not looked too deep into this yet, but that is my plan.
As a final note, I would like to thank Gary Tay for all of his feedback and documentation. I find that Sun often lacks step by step procedures for tasks such as this. Thanks! -
How Redirect browser(client) based on non-negotiable SSL/TLS protocol
Hi guys,
we have a security requirement wherein we required to force the browsers accessing our application to have atleast tsl 1.1 , but we don't want to simply block the request, instead we would like to redirect the request to a unsecured static html page with the
instructions on how to get them onto tsl.
can any one help me here?>? actually i found a similar and exactly same thread on stackoverflow but i think that is probably directed towards linux family. http://serverfault.com/questions/591188/redirect-browser-based-on-non-negotiable-ssl-tls-protocol-or-cipher
ps: i have posted the same question on IIS forum (http://forums.iis.net/t/1223352.aspx?How+Redirect+browser+client+based+on+non+negotiable+SSL+TLS+protocol+or+cipher+from+IIS) and got a reply saying
that it can be done at windows kernel level(possibly by making use of
http.sys, ksecdd.sys and schannel).
can any one help me here guys.
Thanks,
HaroonHi,
As far as I know, once SSL handshake fails, no subsequent communication would occur between the server and client.
Therefore, as the way I see it, the goal cannot be achieved.
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] -
I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
server is configured on http port 80
ERROR
Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid
according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
I've checked proxy server connectivity. I'm able browse following site from WSUS server
http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
I did telnet proxy server on the particular port (8080) and that is also fine.
I've doubt on certificates, any idea which are the certificates which we need to look? And if certificate is expired then (my guess) we won't be able open the above mentioned windows update catalog site?
Any tips appreciated !
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCMHi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
Your reply ("SSL is enabled/configured, and the certificate being used is invalid
(or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
My Guess (this is my best guess ;)) is this something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to proxy/firewall team. From their perspective all the required port communication open and
proxy server is also reachable. More over we're able to access internet (Microsoft Update Catalog site) over same port (8080).
Any other hints where I can prove them it's a sure shot problem from their side.
Thanks again !!
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM -
Hi, experts
I'm trying to configure a lab environment according tutorial http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/rights-management-server-exchange-2010-part3.html
After completing configuration, I execute cmdlet Set-IRMConfiguration -InternalLicensingEnabled $true, but get error
The remote certificate is invalid according to the validation procedure. ---> The underlying connection was closed: Cou
ld not establish trust relationship for the SSL/TLS secure channel. ---> Failed to get Server Info from https://exhv-65
94/_wmcs/certification/server.asmx.
+ CategoryInfo : InvalidOperation: (:) [Set-IRMConfiguration], Exception
+ FullyQualifiedErrorId : C810E449,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
Then I run cmdlet Test-IRMConfiguration -Sender [email protected] and get error
Results : Checking Exchange Server ...
- PASS: Exchange Server is running in Enterprise.
Loading IRM configuration ...
- PASS: IRM configuration loaded successfully.
Retrieving RMS Certification Uri ...
- PASS: RMS Certification Uri: https://server1/_wmcs/certification.
Verifying RMS version for https://server1/_wmcs/certification ...
- WARNING: Failed to verify RMS version. IRM features require AD RMS on Windows Server 2008 SP2 with the
hotfixes specified in Knowledge Base article 973247 (http://go.microsoft.com/fwlink/?linkid=3052&kbid=973247)
or AD RMS on Windows Server 2008 R2.
Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https:
//server1/_wmcs/certification/server.asmx. ---> System.Net.WebException: The underlying connection was clos
ed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authenticatio
n.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest async
Request, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
Request)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
Request)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
Request)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequ
est asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Obje
ct state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.Exchange.Security.RightsManagement.SOAP.Server.ServerWS.GetServerInfo(ServerInfoRequest[] req
uests)
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
--- End of inner exception stack trace ---
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.ValidateRmsVersion(Uri uri, Se
rviceType serviceType)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
OVERALL RESULT: PASS with warnings on disabled features
From the error message, this issue seem to related with SSL/TLS connection. So I go back to check configuration and find out a difference to tutorial. Current SCP url is https://server1/_wmcs/certification, but in tutorial it is https://server1:433/_wmcs/certification.
On my opinion, I don't think it is the real reason.
So, how can I resolve this error? Could you give me some suggestion? Thanks in advance.
System Info:
Windows Server 2008 R2 + Exchange Server 2010 SP3 RTMHi
Please have a try with the solution on this KB article
“Error message when you try to test access from the Microsoft Dynamics CRM E-mail Router: "Incoming Status: Failure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"”
http://support.microsoft.com/kb/954584/en-us
Cheers
Zi Feng
TechNet Community Support -
OD SSL (Client Binding Issues)
Hi,
I am having issues binding my client machines to my server. My OD has a SSL which is a standard UCC SSL, when I connect my clients it asks me if I want to trust the server I say yes then it finishes binding. I then look and see a red dot next to the OD name i just binded to, if I click on it it says server not responding. If I uncheck SSL in the ldap tab everything is perfect, but I would really like it if I could use SSL on my OD for extra protection. Anyone have any suggestions.Hmmm...still running into the same issue...do I need to give the cert reference text file certain permissions in order to work?
I have followed the advice on afp548, and have a self-rolled CA with a self-assigned cert for the server, which is also the dns name of the server. I copied the CA hash and pointed to that instead of the self-signed cert hash, but still...no dice.
-j -
Simple bind failed: adserver:636 -- While connecting to AD from OIM
Hi,
I am using OIM 9102 BP 11.
AD Connector version -- MSFT_AD_Base_91150
App Serv -- Weblogic
Database -- oracle 10g.
I am trying to provision passwords form OIM to AD.
The connector is working fine over non-SSL (389).
I have exported the ROOT CA from AD machine and imported the same through keytool IMport command to OIM Cert Keystore,
When i try to provision a user to AD over SSL (636), I am getting thie below exception
ERROR,01 Feb 2011 10:08:43,509,[OIMCP.ADCS],================= Start Stack Trace =======================
ERROR,01 Feb 2011 10:08:43,509,[OIMCP.ADCS],com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : createUser
ERROR,01 Feb 2011 10:08:43,509,[OIMCP.ADCS],simple bind failed: adserver:636
ERROR,01 Feb 2011 10:08:43,509,[OIMCP.ADCS],Description : simple bind failed: <hostname>:636
ERROR,01 Feb 2011 10:08:43,509,[OIMCP.ADCS],com.thortech.xl.exception.ConnectionException: simple bind failed: adserver:636
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.connectToAvailableAD(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks.createUser(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.ADCREATEUSER(adpADCSCREATEUSER.java:224)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.implementation(adpADCSCREATEUSER.java:91)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
Can anybody please help me in this, I am trying the same since 3 days but no luck.
STEPS to generate the Certificate from AD:
1. Installed the Certificate Authority from Add\Remove Windows Components.
2. Generated a Certificate Request in IIS by accessing CertSrv.
3. Issued the same certificate and imported that to the keystore of OIM server.
The AD is not responding over SSL (636). When I try to access the AD machine through expolrer as
https:<adhost>:636
Its not prompting to import the certificate. Also I am not able to connect to AD from LDAP browser.
Request you to kindly help me on this ASAP.[Start of UME Service Failed |http://help.sap.com/saphelp_nw04/helpdata/en/20/361941edd5ef23e10000000a155106/frameset.htm]check this same exception got resolved..
one more thing, Have you uploaded the LDAP servers certificate in the TrustedCAS of the keystore in Visual Admin in the WAS server? If you are using LDAP ssl the connection to the server will expect a certificate if you dont have the trust enabled you wont be able to connect
Thanks
Maybe you are looking for
-
Removing podcast episodes from iTunes 12 but keeping the files
I want to be able to remove a podcast episode from iTunes 12 but keep the audio file on my computer. This used to be an option, but now I am no longer asked if I want to keep the file. It's just automatically moved to the Trash. I like to archive pod
-
"itunes has stopped working" when closing itunes Windows Vista
Since November 2007, when I close itunes, I get Windows Vista error "itunes has stopped working" This got worse when it corrupted the itunes library itl file. I deinstalled QT and itunes version 7.5, and went back to version 7.4.3.1 - but the problem
-
Applet, Frame and fullscreen
Hi! Have an application wich is a Applet and also can run as a desktop program. The fullscreen desktop function some time ago sotpped work, now I have been testing to discover the problem and discovered the Applet does not work correctly when inside
-
No Final Cut Pro application icon visible !!
Hi, another newbie here. I am a complete novice - I have only just gotten round to loading all the applications for Final Cut Studio (FCP is version 6 - I bought the software 2 years ago as part of a total package, and till now I have just been using
-
Why we maintain the profit centre in MM module?
Hello, I want know, why we maintain the profit centre in MM module? Ram Rathode.