Hello
openfire_4_6_7 - installation on windows server in 2012,
Error when connecting to Active Directory server:
[LDAP: error code 8 - 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]
Base DN dc=activedirectory, dc=jivesoftware, dc=com
Administrator DN user
Did according to the instructions Openfire: LDAP Guide
Help
are you trying to connect using ldap or ldap(s)? domain controllers dont support ldaps out of the box, but thats what openfire defaults do, so youāll want to change that
Thanks for the quick response!
If ldaps:
Error connecting to LDAP server. Make sure the server directory works with the specified host name and port, and that the firewall is not blocking access to the server.
If ldap:
Authentication failed with LDAP server. Check the provided credentials.
Login and password are correct
Only on one user (Administrator DN) gives an error
[LDAP: error code 8 - 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]
if using ldap(s), and youre set up for it, then openfire will need to use the name that matches the cert.
on the ldap side, looks like youre making the connection, instead of using the user dn, try using user@domain
also, looking at your base dn, is your domain subdomain.domain.com with all the user that plan to connect under that tree?
also, the account does not need to be a privileged level account despite the term āadministratorā being used. a non-privileged account should be used, as this account is only used for connecting and reading ldap.
ldap
If I use user@domain then the error is:
[LDAP: error code 8 - 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]
Didnāt figure it out - Iām using the base dn
introduced different users
Now same error
[LDAP: error code 8 - 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]
for example
base dn would be dc=lab, dc=test
and my administrator dn would be Testuser1@lab.test
this allows me to search everything under lab.test
Currently, when using administrator user:
Authentication failed with LDAP server. Check the provided credentials.
If a regular user:
[LDAP: error code 8 - 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]
uncheck startls - you can only use this if you have a certificate on your domain controller and are setup for that. most are not setup for this out of the box.
Where is it?
is āofficeā a container or an OU? is it part of the domain name like in my picture?
Yes
looks like you have 4 parts
so something like dc=office,dc=one,dc=two,dc=three
you might have also hit a bug. Iāll test thatā¦let me see if I can stand something up before I go to bed for the evening
thanks for reporting your resolution. but iirc, a simple bind should still work with ldap signing. Iāll see if I can reproduce this
Amendment:
I need to disable the LDAP server signing requirement policy.
sorry for my English
thanks for reporting your resolution.
