This repository has been archived by the owner on May 14, 2024. It is now read-only.

AD Authentication SSL #229

Closed
djholly123 opened this issue Sep 25, 2014 · 3 comments

@djholly123

Hi, are there any examples of how to get the client to make an SSL connection to LDAPS? I suspect the code below is not enough.

I want to use it to change a password, which is not allowed over LDAP://

I have enabled LDAPS as per http://technet.microsoft.com/en-us/library/dd941846(v=ws.10).aspx

    var ldap = require('ldapjs');

    // An ldaps: URL puts the client into SSL/TLS mode
    var client = ldap.createClient({
        url: 'LDAPS://caa.local:636'
    });

@pfmooney

What leads you to believe it's not adequate? An 'ldaps:' protocol URL will put ldapjs into SSL/TLS mode. (It will even change its default connect port from 389 to 636.)

If it's not working for you, it would be wise to check if the server's SSL certificate is trusted by the client machine. If not, you have options:

  1. Disable verification (not recommended).
  2. Point ldapjs at a certificate chain which can verify the server's cert.

Both of those are accomplished by setting the appropriate tlsOptions values in the options object passed to createClient.

@pfmooney pfmooney self-assigned this Sep 25, 2014
@djholly123

Hi, many thanks for the response.

I was struggling with an example of TLS options. Does this look correct?

    var fs = require('fs');

    var tlsOptions = {
        // These are necessary only if using client certificate authentication
        key: fs.readFileSync('client-key.pem'),
        cert: fs.readFileSync('client-cert.pem'),

        // This is necessary only if the server uses a self-signed certificate
        ca: [ fs.readFileSync('server-cert.pem') ]
    };

@djholly123

Hi, got it working:

    // Disables verification of the server's certificate
    var tlsOptions = { 'rejectUnauthorized': false };

    var client = ldap.createClient({
        url: 'LDAPS://foobar',
        tlsOptions: tlsOptions
    });

Thanks
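
Added example (not part of the thread and not ldapjs project code): the second option from pfmooney's comment, trusting a specific certificate chain with verification left on, alongside a check that flags the `rejectUnauthorized: false` setting. `buildLdapsOptions`, `auditClientOptions` and the placeholder PEM are hypothetical names and constructed values; the usage comment assumes the `server-cert.pem` file name mentioned earlier in the thread.

```javascript
// Constructed placeholder, not a real certificate.
const SAMPLE_CA_PEM = [
  '-----BEGIN CERTIFICATE-----',
  'CONSTRUCTED-PLACEHOLDER',
  '-----END CERTIFICATE-----',
].join('\n');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Hypothetical helper: options object for ldap.createClient() that keeps
// verification on and trusts only the supplied CA chain.
function buildLdapsOptions(url, caPem) {
  const protocol = new URL(url).protocol; // the URL parser lower-cases 'LDAPS:'
  if (protocol !== 'ldaps:') {
    throw new Error('refusing non-TLS URL scheme ' + protocol);
  }
  const certs = String(caPem).match(PEM_CERT) || [];
  if (certs.length === 0) {
    throw new Error('CA bundle contains no PEM certificate');
  }
  return { url: url, tlsOptions: { ca: certs, rejectUnauthorized: true } };
}

// Hypothetical audit helper: reasons an options object would not
// authenticate the directory server.
function auditClientOptions(opts) {
  const findings = [];
  let protocol = null;
  try {
    protocol = new URL(opts.url).protocol;
  } catch (err) {
    findings.push('url cannot be parsed');
  }
  if (protocol !== null && protocol !== 'ldaps:') {
    findings.push('url scheme is ' + protocol + ', not ldaps:');
  }
  if ((opts.tlsOptions || {}).rejectUnauthorized === false) {
    findings.push('rejectUnauthorized is false: server certificate is not verified');
  }
  return findings;
}

// Usage with ldapjs installed:
//   const ldap = require('ldapjs');
//   const fs = require('fs');
//   const client = ldap.createClient(buildLdapsOptions(
//     'ldaps://caa.local:636', fs.readFileSync('server-cert.pem', 'utf8')));
```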
