Thread:Extension talk:LDAP Authentication/Failed to bind as/reply (2)

Hi Lucas.

First, thanks for your config. That helped a lot! I used it and can now authenticate with AD credentials.

But the connection is still in cleartext. To avoid MITM attacks, the next step is to encrypt the connection via SSL. I changed the option:

    $wgLDAPEncryptionType = array('DOMAIN' => 'ssl',);

I got the server's certificate using openssl (on an Ubuntu machine):

    openssl s_client -showcerts -connect server2.domain.local:636

I extracted the certificate to a new file and tested it with:

    openssl x509 -noout -text -in certs.pem

The output was similar to the example in the documentation. So the certificate file seems fine; no error occurred.

I placed the cert file at:

    C:\openldap\sysconf\certs.pem

I created an ldap.conf file at:

    C:\openldap\sysconf\ldap.conf

containing the following line:

    TLS_CACERT C:\openldap\sysconf\certs.pem

Restarted the web server.

The debug log still gives the old error message: Failed to bind as... Is there something special to consider with SSL?