How to get the plug-in work using regular LDAP on port 389
Gaurav# 6 years, 10 months ago
Hi Brian,
This needs to be the certificate of your LDAP Server which you need to provide to us. It is best you create your CSR (based on your server, location etc) and generate an SSL certificate based on that.
Thanks and regards,
Gaurav
Brian# 6 years, 10 months ago
Here is the certificate. I zipped the file so I could email it. If you need anything else, please let me know.
Thanks,
Brian
Gaurav# 6 years, 10 months ago
Hi Brian,
Thanks for the certificate. I will try to connect through our test instance and see if the connection works.
Thanks and regards,
Gaurav
Gaurav# 6 years, 10 months ago
Hi,
I was trying the connection to the DC from our test instances. Have you enabled access to the DC over port 636 to our production IPs alone? If that is the case, please enable it over our test instances so we can test there and then move to production. It currently fails through our test instances (even telnet fails).
IP Addresses:
1) xx.xxx.xxx.xxx
2) xx.xxx.xx.xxx
Thanks and regards,
Gaurav
Brian# 6 years, 10 months ago
It's a managed firewall managed by our internet provider. This is the request I sent and they have performed: Can you try it from these IP addresses?
Allow incoming requests from hosts – xx.x.xxx.xxx and xx.x.xxx.xxx by a firewall rule for the port 389 (636 for SSL or ldaps) on LDAP Server.
Brian
Gaurav# 6 years, 10 months ago
Hi Brian,
I won’t be able to test this out on production servers since this is a server-level configuration and changes to the production servers may affect other customers. Let me know when access to our production IP Address is allowed and I will do the test and update you on the status.
Thanks and regards,
Gaurav
Brian# 6 years, 10 months ago
Level 3 has added those 2 IP addresses to the policy that allows port 636.
Brian
Gaurav# 6 years, 10 months ago
Hi Brian,
The connection with our test instances seems to work. I want to do an end-to-end authentication to verify the connection before moving the certificates over to production. Can I get the following:
1) Service Account Distinguished Name
2) Service Account Password
3) Test Credentials (Windows username and password) with which to verify the connection.
Thanks and regards,
Gaurav
Brian# 6 years, 10 months ago
Due to our internal control policies, I can’t give that information out. Can I test it from our website now and it work?
Brian
Gaurav# 6 years, 10 months ago
Hi Brian,
We have created an account for you. You will receive the password on your email.
You can use the link below to login.
https://test.miniorange.in
username: br.test@abc.net
You can go to “Identity Source” tab and add LDAP identity. Also, you will see test configuration button after you save your configuration.
Next step is we will set up your LDAPS certificate on our production and you can configure LDAP plugin in WordPress after that. I will let you know once done.
Let us know if you get any issue.
Thanks,
Gaurav
Brian# 6 years, 10 months ago
I was able to test it successfully using 2 different Active Directory accounts so I think we are good to go. Thanks so much for your help on getting this resolved!
When can we expect this to be live? Also, what do I need to change in the WordPress plug-in to utilize your servers for authentication?
Thanks,
Brian
Gaurav# 6 years, 10 months ago
Brian,
We have updated your certificates. You can configure it now with plugin below.
You will need to sign up or login using existing miniOrange account and add LDAP configuration inside plugin itself.
Let us know how it goes.
Thanks,
Gaurav
The topic ‘How to get the plug-in work using regular LDAP on port 389’ is closed to new replies.