RSA Authentication Manager cannot talk to LDAP

By aapierides ·
Tags: Security
Hello All!

I am new to RSA and I have a simple problem, for which I cannot find a simple answer!

I have set up RSA Authentication Manager 8.1 with a replica instance, added it to our domain, and everything is OK up to this point! No issues with DNS, I can ping the server from our network and our domain controller, but I cannot make it connect to LDAP so I can pull the user object details from there.

I go to the RSA Operations Console, then select Deployment Configuration - Identity Sources - Add New. Then under Type I have selected MS AD and under Directory URL we have tried the following:

domain_controller.contoso.local
ldaps://domain_controller/
ldaps://domain_controller.contoso.local/
ldaps://domain_controller:389/
ldaps://domain_controller.contoso.local:389/

Under Directory User ID we have tried the following:
ldap_user_name
cn= ldap_user_name,cn=OU,dc=contoso,dc=local

Directory Password: ldap_user_name_password

I tried the above in most possible combinations with no success. Please note that the above credentials work on other systems that we use with LDAP authentication. Also, since the RSA server and the domain controller are in the same subnet (internal and behind firewalls), I do not see it as necessary to use an SSL certificate to encrypt the communications between those two servers.

Any ideas and/or suggestions would be greatly appreciated!

Thanks in advance,

Alex


ldaps

by BFilmFan In reply to RSA Authentication Manage ...

Secure LDAP is on port 636. Since Windows 2003 R3, you would need to provide a domain account and password to authenticate first and then perform an LDAP query.

You do not need a security certificate to perform an LDAP query if you are using Kerberos as your authentication protocol, as the tunnel is encrypted to the global catalog on port 88. Note that you will need a GC and not a domain controller to log in. A domain controller can only authenticate a previously logged-in user.

Typical LDAP query is for a domain dc=contoso,dc=com. Note that .local traffic is not routable and may be the source of your issue.

Good point about the port!

by aapierides In reply to ldaps

Your comment about port 636 actually solved my issue! I just added the domain as ldap://domain_controller/, not ldaps, and the connection was successful!

Thanks a lot!
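The root cause the thread arrives at is a scheme/port mismatch: ldaps:// was paired with 389 (the plaintext LDAP port), so the TLS handshake was sent to a listener expecting cleartext. The following checker is an added example, not code from the thread or from RSA; it assumes the directory listens on the standard ports (389 for ldap, 636 for ldaps) and runs each URL the question tried through a few consistency checks, including a note that the ldap:// fix that worked sends the bind credentials in cleartext. The host names are the placeholders from the question.

```python
"""Sanity-check LDAP directory URLs before entering them into an identity-source form.

Added example (not part of the original thread). Assumes standard ports:
ldap on 389, ldaps on 636. Host names below are the question's placeholders.
"""
from urllib.parse import urlsplit

# Assumed defaults; adjust if the directory listens elsewhere.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Finding codes returned by check_ldap_url().
NO_SCHEME = "no-scheme"                 # bare host, no ldap:// or ldaps://
BAD_SCHEME = "bad-scheme"               # something other than ldap/ldaps
NO_HOST = "no-host"
BAD_PORT = "bad-port"                   # non-numeric or out-of-range port
PORT_MISMATCH = "scheme-port-mismatch"  # e.g. ldaps:// on 389, the bug in the thread
PLAINTEXT = "plaintext-bind"            # ldap:// without TLS: bind password crosses the wire in clear
MDNS_SUFFIX = "dot-local-suffix"        # .local is reserved for mDNS (RFC 6762); make sure DNS resolves it


def check_ldap_url(url: str) -> list[str]:
    """Return a list of finding codes for one directory URL (empty list = looks fine)."""
    findings: list[str] = []
    if "://" not in url:
        return [NO_SCHEME]
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return [BAD_SCHEME]
    host = parts.hostname
    if not host:
        return [NO_HOST]
    try:
        port = parts.port  # None when the URL carries no explicit port
    except ValueError:
        return [BAD_PORT]
    effective_port = port if port is not None else DEFAULT_PORTS[scheme]
    other_scheme = "ldaps" if scheme == "ldap" else "ldap"
    # The classic failure: TLS scheme pointed at the cleartext port (or vice versa).
    if effective_port == DEFAULT_PORTS[other_scheme]:
        findings.append(PORT_MISMATCH)
    # Working is not the same as safe: a cleartext bind exposes the service account password.
    if scheme == "ldap":
        findings.append(PLAINTEXT)
    if host.lower().endswith(".local"):
        findings.append(MDNS_SUFFIX)
    return findings


def check_all(urls: list[str]) -> dict[str, list[str]]:
    """Run the checker over several candidate URLs and map each to its findings."""
    return {u: check_ldap_url(u) for u in urls}


if __name__ == "__main__":
    # The URLs tried in the question, plus the value that finally worked.
    tried = [
        "domain_controller.contoso.local",
        "ldaps://domain_controller/",
        "ldaps://domain_controller.contoso.local/",
        "ldaps://domain_controller:389/",
        "ldaps://domain_controller.contoso.local:389/",
        "ldap://domain_controller/",
    ]
    for url, findings in check_all(tried).items():
        print(f"{url:48s} {', '.join(findings) or 'ok'}")
```

The two ldaps://...:389 entries come back flagged as scheme/port mismatches, which is exactly what the reply about port 636 pointed at; the ldap:// entry that worked is flagged as a cleartext bind, the trade-off the questioner accepted for a same-subnet link. Note that the plain ldaps://domain_controller/ entries pass the port check, so if those also failed the cause was elsewhere (for example the directory not presenting a certificate the server trusts).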
