Configuring SSL with Active Directory Federation

I’ve been doing research for hours and hours now and I’m at my wit’s end finding the entire answer, so I’m hoping someone here has possibly done this before.

I have Active Directory on a Windows 2019 Server installation. I’ve successfully added it to user federation and syncs all seem to work correctly. The issue I immediately ran into, however, was that users weren’t able to create accounts: first getting an error saying they needed to immediately change their password on account creation, and then an LDAP error. After a painstaking amount of research, I’ve concluded that AD does not allow remote LDAP connections to change user passwords. The connection must be made over LDAPS. Please correct me if I’m wrong about this. This is the configuration I have (I have had to combine all of my images as I’m not allowed to post more than one; I’ll reference the number of each image), Image 1:

And these are the associated errors received:
Image 2

So concluding I needed to setup SSL, I went looking for a tutorial for that and followed this guide here:

After getting the certificate authority set up, creating the template certificate, adding it, and exporting it, I sent it over to my Ubuntu installation.

I ran:

# extract only the certificate(s) from the PKCS#12 bundle, no private key
openssl pkcs12 -in file.pfx -out file.nokey.pem -nokeys
# extract certificate(s) plus the (encrypted) private key
openssl pkcs12 -in file.pfx -out file.withkey.pem
# strip the passphrase from the private key and write it as plain PEM
openssl rsa -in file.withkey.pem -out file.key
# concatenate certificate and unencrypted key into one PEM file
cat file.nokey.pem file.key > file.combo.pem

and then followed this guide:

to add a JKS keystore. I’ve almost definitely messed this part up, as I frankly have no understanding of it at all.

After changing the config to use ldaps:// instead of ldap:// I receive this error:
Image 3
which leads me to believe my keystore isn’t working.

Can anyone help with this? I’ve tried everything I can think of but I just can’t get it to work.
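The premise of the post is right: Active Directory refuses to set a user's unicodePwd attribute over a connection that is not protected by TLS, so the LDAPS truststore on the federation side has to be correct before password writes can work. The script below is an added example, not code from the original post or from any product's documentation. It assumes the certificate exported from the Windows CA has already been converted to PEM (placeholder name ca.pem), that keytool (from a JDK) and openssl are installed on the Ubuntu host, and that the domain controller is reachable on TCP 636 under its FQDN (placeholder dc01.example.local). It checks that the file being imported is a public certificate only (a truststore should never receive a private key, so a combined cert-plus-key PEM is the wrong input), imports it into a JKS truststore, and then performs a TLS handshake against the DC that fails unless the server certificate chains to that CA.

```shell
#!/bin/sh
# Added example (not from the original post). All file and host names are
# placeholders; ca.pem is assumed to be the CA certificate in PEM form.

# check_ca_pem FILE
# Returns 0 when FILE holds at least one CERTIFICATE block and no PRIVATE KEY
# block. Only the CA's public certificate belongs in a client truststore.
check_ca_pem() {
    f="$1"
    [ -r "$f" ] || { echo "not readable: $f" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "refusing: $f contains a private key, import the CA certificate only" >&2
        return 1
    fi
    n=$(grep -c 'BEGIN CERTIFICATE' "$f" || true)
    [ "$n" -ge 1 ] || { echo "no certificate found in $f" >&2; return 1; }
    return 0
}

# count_certs FILE
# Prints the number of certificates in a PEM bundle (root plus any issuing CA).
count_certs() {
    grep -c 'BEGIN CERTIFICATE' "$1" || true
}

# import_ca FILE TRUSTSTORE PASSWORD
# Imports the CA certificate into a JKS truststore, creating it if absent.
# Refuses to run if FILE fails check_ca_pem.
import_ca() {
    check_ca_pem "$1" || return 1
    keytool -importcert -trustcacerts -noprompt \
        -alias ad-root-ca -file "$1" \
        -keystore "$2" -storepass "$3"
}

# verify_ldaps HOST FILE
# Completes a TLS handshake with the domain controller on port 636 and fails
# if the server certificate does not chain to the CA in FILE. Use the DC's
# FQDN: it must match a name in the DC certificate, and an IP address usually
# does not.
verify_ldaps() {
    openssl s_client -connect "$1:636" -servername "$1" \
        -CAfile "$2" -verify_return_error </dev/null >/dev/null 2>&1
}

# Usage (placeholders):
#   check_ca_pem ca.pem && import_ca ca.pem truststore.jks changeit
#   verify_ldaps dc01.example.local ca.pem && echo "LDAPS chain verified"
```

If verify_ldaps fails while the same CA file passes check_ca_pem, the problem is on the server side (the DC has not picked up a certificate issued by that CA, or the name used does not match its certificate) rather than in the keystore; if it succeeds but the federation connection still fails, the server is simply not reading the truststore that was built, which narrows the search to the truststore configuration.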