Looking for some help with login problems... I'm running a 2-server array (workgroup config) using LDAP and LDAPS for authentication. The array is only performing reverse-proxy duties at this time. On some of the sites which are being used as portals, I have enabled "Allow users to change password" in the web listener. The correct certificates are in place and, in fact, the servers that I connect to via LDAPS are authenticating and all is well. There are two domains for which I use just LDAP, and these users cannot authenticate to the site at all. I set up logging to watch for LDAP traffic, and I don't even see the servers trying to talk to the other domain controllers. I'm baffled. I've removed all settings for these LDAP connections and rebuilt them just to make sure the servers are reading them. Has anyone else seen this?
The login expressions are configured and reference their respective LDAP server groups.
Yes, I'm aware that the "password change" option is only supported on LDAPS, which is why I'm wondering if that's part of the problem. I'm not trying to change any password with one of the unsecure connections, I'm just attempting to authenticate.
At one time, yes, I'm sure they had connectivity. (I've probably made a blunder here as I assume that I still have connectivity.) I'll run ldp.exe from the ISA systems to verify that I have connectivity via port 389 and get back to you.