How to get the plug-in work using regular LDAP on port 389

    Brian
    # 6 years, 2 months ago

    Is there anything special we need to do to allow LDAPS? We can get the plug-in to work using regular LDAP on port 389. However, when we flip it to LDAPS and port 636, it fails immediately.

    Thanks,
    Brian

    Gaurav
    # 6 years, 2 months ago

    Hi Brian,

    LDAPS requires you to configure the web server hosting the website with the SSL certificate used to connect securely to the LDAP server. If you let me know the web server (Apache/Nginx/IIS, etc.) hosting the website along with the OS, I will be able to send you the steps to configure it. If the OS is Linux, please send the Linux distribution along with the version number.

    Feel free to reach out in case of any queries.

    Thanks and regards,
    Gaurav

    Brian
    # 6 years, 2 months ago

    When we attempt to connect using the LDAP connection tool in the WordPress plug-in, we receive the error.
    We have verified the ports are open on the firewall and that the IP Address is correct.

    LDAP keeps giving a config error when trying to access the server
    Are there any special settings or config when connecting to an AD server across the Internet that is not local to the web server?

    Thanks,
    Brian

    Gaurav
    # 6 years, 2 months ago

    Hi Brian,

    LDAPS requires SSL configuration on the server hosting the website. I would require the details of the web server (OS and version) so I can send the steps for the configuration. Once the configuration is done, the connection should work.

    Thanks and regards,
    Gaurav

    Brian
    # 6 years, 2 months ago

    The server does have an SSL certificate installed. The server is Windows Server 2012 R2.

    The website developer provided this for the web server:
    – Linux platform on a Liquid Web cloud server
    – Our AD server is a Windows 2012 R2 server.

    Thanks,
    Brian

    Gaurav
    # 6 years, 2 months ago

    Hi Brian,

    Thanks for that information.

    Can you let me know what Linux distribution it is? Also, do you have Apache/IIS/Nginx or something else?

    Thanks and regards,
    Gaurav

    Brian
    # 6 years, 2 months ago

    Debian: 1.1.3-2+d8u2
    Apache: 2.4
    MySQL: 5.5.5-10.0.30-DB-0+d8u2
    PHP: 5.6.30 (can be upped to 7 if needed)

    Thanks,
    Brian

    Gaurav
    # 6 years, 2 months ago

    Thanks for the OS information.

    It is not an issue with the plugin. It is just that LDAPS requires certificate configuration on the web server. Once that is done, the connection should work.

    I will send along steps for configuration.

    Thanks and regards,
    Gaurav

    Brian
    # 6 years, 2 months ago

    The certificate is already on the web server as we are using it with other LDAPS connections from other providers. It works fine with those providers where it is encrypted and on port 636.

    Thanks,
    Brian

    Gaurav
    # 6 years, 2 months ago

    Hi Brian,
    Can you try the following command from the web server:
    telnet <<ldap server URL>> 636
    Let me know what output you are getting. I can get on a call as well to discuss this.

    Thanks and regards,
    Gaurav
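
Added example, not part of the original thread or the plugin's code: a telnet test only shows whether port 636 is reachable, so this Python probe also attempts the verified TLS handshake that LDAPS needs and reports which stage fails. The names `probe_ldaps` and `NEXT_CHECK`, and the optional `cafile` path, are hypothetical.

```python
import socket
import ssl

# What each result points to (assumed wording, based on the checks in this thread).
NEXT_CHECK = {
    "tcp_unreachable": "firewall rule or listener for port 636",
    "tls_handshake_failed": "port is open but the peer did not complete TLS",
    "cert_untrusted": "client does not trust the CA that issued the server certificate",
    "ok": "TLS works; remaining problems are at the LDAP bind level",
}

def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (stage, detail) for a verified LDAPS connection attempt.

    cafile: optional PEM file with the CA that issued the directory
    server's certificate; the system trust store is used when omitted.
    """
    # Stage 1: plain TCP reachability, which is all a telnet test shows.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_unreachable", str(exc))
    # Stage 2: TLS handshake with chain and hostname verification enabled.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return ("ok", f"{tls.version()}, notAfter={cert.get('notAfter')}")
    except ssl.SSLCertVerificationError as exc:
        # Typical messages: unable to get local issuer certificate,
        # hostname mismatch, certificate has expired.
        return ("cert_untrusted", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls_handshake_failed", str(exc))
    finally:
        raw.close()

if __name__ == "__main__":
    # ldap.example.com is a placeholder host name.
    stage, detail = probe_ldaps("ldap.example.com")
    print(stage, "-", detail, "->", NEXT_CHECK[stage])
```

Run it from the host that makes the LDAP connection, using the same host name the plug-in is configured with, since hostname verification compares that name against the certificate.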

    Brian
    # 6 years, 2 months ago

    We don’t have access to the web server OS, only the GUI where you can set up the miniOrange settings.

    Unfortunately, this is not possible with the current cloud host. SSH access is disabled since it’s a shared cloud system. Gaining shell access would require a ManagedWP account or a dedicated server with the current host or an alternate host that offers access to shell commands.

    Thanks,
    Brian

    Gaurav
    # 6 years, 2 months ago

    Hi Brian,

    Since you don’t have managed access, I suggest you try the Cloud LDAP Plugin instead of the Intranet version. It is specifically designed to be used on shared hosts. It routes requests to LDAP through miniOrange cloud-based servers, so we can do the SSL configuration on our end and then see if the connection works.

    Let me know if this works for you.

    Thanks and regards,
    Gaurav

    Brian
    # 6 years, 2 months ago

    On the new cloud plug-in in WordPress, this is listed. I am in the process of entering this into a support ticket with Level 3.

    Allowed incoming requests from hosts – xx.x.xxx.xxx and xx.x.xxx.xxx by a firewall rule for the port 389(636 for SSL or ldaps) on LDAP Server.

    I have had Level 3 open ports 389 and 636 from the IP Addresses listed in the error below. However, I am still not able to connect.
    I am attempting to use the LDAP/AP Login for the Cloud WordPress plugin.

    LDAP with port 389 connected successfully. However, port 636 did not.

    Thanks,
    Brian

    Gaurav
    # 6 years, 2 months ago

    Hi Brian,

    I see that the LDAP connection works through miniOrange servers. For an LDAPS connection (over port 636), we would require the SSL certificate used by Active Directory for the secure connection. We would then configure that in miniOrange and then try the connection. Can you provide us with the certificate?

    Thanks and regards,
    Gaurav

    Brian
    # 6 years, 2 months ago

    What do I need to give him? My DigiCert certificate info? I seem to recall someone at Pileum ordered a new certificate (Go Daddy perhaps?) but I can’t find anything in my emails about it.

    Brian
