Thread:Extension talk:LDAP Authentication/ SSL not working LDAP works, not secure though

LDAP authentication works but I fail to get SSL to work properly. Please assist.

Steps:

1:> Configured LocalSettings.php:

$wgLDAPDebug = 3;
$wgDebugLogGroups["ldap"] = "C:\log\ldap.log";
$wgLDAPDomainNames = array('DOMAIN',);
$wgLDAPServerNames = array('DOMAIN' => 'ldapserver.domain.com',);
$wgLDAPSearchStrings = array('DOMAIN' => 'DOMAIN\\USER-NAME',);
$wgLDAPEncryptionType = array('DOMAIN' => 'ssl',);
$wgLDAPBaseDNs = array('DOMAIN' => 'OU=Users,OU=Accounts,OU=HQ,OU=***,DC=***,DC=***,DC=***,DC=***');
$wgLDAPSearchAttributes = array('DOMAIN' => 'sAMAccountName');
$wgLDAPProxyAgent = array("DOMAIN"=>"*****");
$wgLDAPProxyAgentPassword = array("DOMAIN"=>"*****");
$wgLDAPUpdateLDAP = array("DOMAIN"=>false);
$wgLDAPAddLDAPUsers = array("DOMAIN"=>false);
$wgLDAPPreferences = array( 'DOMAIN' => true );

2:> Created ldap.conf file at fixed Windows location:

C:\openldap\sysconf\ldap.conf

3:> Retrieved the LDAP server certificate using OpenSSL:

C:\openldap\sysconf>openssl s_client -showcerts -connect ldapserver.domain.com:636 > C:\openldap\sysconf\ldap.pem

4:> Edited ldap.conf file:

TLS_CACERT C:\openldap\sysconf\ldap.pem

5:> Restarted IIS and tried to login

= Authentication fails

See debug below:
 * 2011-06-09 14:55:36 wikidb: Entering validDomain
 * 2011-06-09 14:55:36 wikidb: User is using a valid domain.
 * 2011-06-09 14:55:36 wikidb: Setting domain as: DOMAIN
 * 2011-06-09 14:55:36 wikidb: Entering getCanonicalName
 * 2011-06-09 14:55:36 wikidb: Username isn't empty.
 * 2011-06-09 14:55:36 wikidb: Munged username: jsmith
 * 2011-06-09 14:55:36 wikidb: Entering authenticate
 * 2011-06-09 14:55:36 wikidb:
 * 2011-06-09 14:55:36 wikidb: Entering Connect
 * 2011-06-09 14:55:36 wikidb: Using SSL
 * 2011-06-09 14:55:36 wikidb: Using servers:  ldaps://ldapserver.domain.com
 * 2011-06-09 14:55:36 wikidb: Connected successfully
 * 2011-06-09 14:55:36 wikidb: Entering getSearchString
 * 2011-06-09 14:55:36 wikidb: Doing a straight bind
 * 2011-06-09 14:55:36 wikidb: userdn is: DOMAIN\jsmith
 * 2011-06-09 14:55:36 wikidb:
 * 2011-06-09 14:55:36 wikidb: Binding as the user
 * 2011-06-09 14:55:36 wikidb: Failed to bind as DOMAIN\jsmith
 * 2011-06-09 14:55:36 wikidb: with password: *****
 * 2011-06-09 14:55:36 wikidb: Entering strict.
 * 2011-06-09 14:55:36 wikidb: Returning true in strict.
 * 2011-06-09 14:55:36 wikidb: Entering allowPasswordChange
 * 2011-06-09 14:55:36 wikidb: Entering modifyUITemplate

Used versions:
 * MediaWiki: 1.16.5
 * LDAP Authentication Plugin: 1.2b (alpha)
 * OS: Windows Server 2008
 * IIS: 6.0
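
Added example (not part of the original post or the extension's code): steps 3 and 4 above save the raw `openssl s_client -showcerts` output and point `TLS_CACERT` at it, while ldap.conf(5) describes that file as holding the certificates of the CAs the client trusts. This Python splits such a capture into its chain entries, keeps only the CA certificates, and names an issuer the server did not send. The sample capture, its placeholder base64 bodies and the CA names are constructed, and the "CA" test is a heuristic on the printed subject and issuer lines.

```python
import re

# Constructed `openssl s_client -showcerts` capture; base64 bodies and CA names are placeholders.
SAMPLE = """CONNECTED(00000003)
Certificate chain
 0 s:/CN=ldapserver.domain.com
   i:/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
TEVBRi1QTEFDRUhPTERFUg==
-----END CERTIFICATE-----
 1 s:/CN=Example Issuing CA
   i:/CN=Example Root CA
-----BEGIN CERTIFICATE-----
Q0EtUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
Server certificate
-----BEGIN CERTIFICATE-----
TEVBRi1QTEFDRUhPTERFUg==
-----END CERTIFICATE-----
"""

def parse_chain(text):
    """Return one dict (depth, subject, issuer, pem) per 'Certificate chain' entry."""
    certs, cur, body = [], None, None
    for line in text.splitlines():
        head = re.match(r"\s*(\d+) s:(.*)", line)
        if body is not None:                      # inside a PEM block
            body.append(line)
            if line.startswith("-----END CERTIFICATE-----"):
                cur["pem"] = "\n".join(body) + "\n"
                certs.append(cur)
                cur, body = None, None
        elif head:
            cur = {"depth": int(head.group(1)), "subject": head.group(2).strip(), "issuer": None}
        elif cur and re.match(r"\s+i:", line):
            cur["issuer"] = line.split("i:", 1)[1].strip()
        elif cur and line.startswith("-----BEGIN CERTIFICATE-----"):
            body = [line]                         # PEM blocks with no chain header are skipped
    return certs

def ca_bundle(certs):
    """PEM of CA certs only (heuristic: depth > 0, or subject equals issuer)."""
    return "".join(c["pem"] for c in certs
                   if c["depth"] > 0 or c["subject"] == c["issuer"])

def missing_issuer(certs):
    """Issuer of the top certificate if the server did not send it, else None."""
    top = certs[-1] if certs else None
    return top["issuer"] if top and top["subject"] != top["issuer"] else None
```

For the constructed sample the bundle contains only the issuing CA's block, and `missing_issuer` returns `/CN=Example Root CA`, a certificate that is not in the capture at all.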