• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

LDAP and LDAPS Problem

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> LDAP and LDAPS Problem Page: [1]
Login
Message << Older Topic   Newer Topic >>
LDAP and LDAPS Problem - 15.Apr.2009 7:51:05 AM   
wilbudl

 

Posts: 15
Joined: 23.Jul.2008
Status: offline
Looking for some help with login problems...  I'm running a 2 server array (workgroup config) using LDAP and LDAPS for authentication.  The array is only performing reverse-proxy duties at this time.  On some of the sites which are being used as portals, I have enabled "Allow users to change password" in the web listener.  The correct certificates are in place and, in fact, the servers that I connect to via LDAPS are authenticating and all is well.  There are two domains that I use just LDAP, and these users cannot authenticate to the site at all.  I set up logging to watch for LDAP traffic, and I don't even see the servers trying to talk to the other domain controllers.  I'm baffled.  I've removed all settings for these LDAP connections and rebuilt them just to make sure the servers are reading them.  Has anyone else seen this?

Regards,
Darryl
Post #: 1
RE: LDAP and LDAPS Problem - 17.Apr.2009 12:37:57 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Hi Darryl,

Are you using login expressions to select the correct LDAP server set?

Ar you aware that password change specifically uses LDAPS only?

Does ISA has basic connectivity to the DC's - ping etc?

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to wilbudl)
Post #: 2
RE: LDAP and LDAPS Problem - 20.Apr.2009 4:53:22 PM   
wilbudl

 

Posts: 15
Joined: 23.Jul.2008
Status: offline
The login expressions are configured and reference their respective LDAP server groups.

Yes, I'm aware that the "password change" option is only supported on LDAPS.  Which is why I'm wondering if that's part of the problem.  I'm not trying to change any password with one of the unsecure connections, I'm just attempting to authentiate.

At one time, yes, I'm sure they had connectivity.  (I've probably made a blunder here as I assume that I still have connectivity.)  I'll run ldp.exe from the ISA systems to verify that I have connectivity via port 389 and get back to you.

Regards,
Darryl

(in reply to Jason Jones)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> LDAP and LDAPS Problem Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts