hi Mike I fixed this by adding the cert into the file specified in /etc/ldap/ldap.conf Yes this is on Ubuntu 14
Thank you for your help John On Thu, Jun 16, 2016 at 1:38 AM, Michael Hofer < [email protected]> wrote: > Hi John > > On Wed, 15 Jun 2016 13:23:15 -0700 (PDT) > John Test <[email protected]> wrote: > > Hello > > > > I am following this section on creating AD LDAPS auth for foreman > > https://theforeman.org/manuals/1.11/index.html#4.1WebInterface > > > > This is secure LDAP and here is how I exported the cert from AD > > > > 1. Go to Active Directory certificate authority MMC > > 2. right click CA -> all tasks -> backup CA > > 3. select "private key and CA certificate" > > 4. no password specific > > 5. Finish > > > > I take this and put it in > > > > /usr/local/share/ca-certificates/ > > > > Then I issue command > > > > update-ca-certificates > > > > It says it added a cert. > > > > I go back on foreman and try to login with AD creds. no go. > [...] > > Can you provide some more details? I guess you're running Foreman on > Debian / > Ubuntu? > > Do you get the error message regarding untrusted / not able to verify > connection? > > Perhaps some intermediate certs of your CA are missing. You can also > extract the > certificates through the following way: > > # echo | openssl s_client -showcerts -connect $DC_FQDN:636 > > Try to combine the intermediate and root CA certs into one file. > > Cheers > > Michael > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Foreman users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/foreman-users/UGdGpN6zB0w/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/foreman-users. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
