Hello,

I am trying to set up LDAPS with apache, so that users logging in to my site will be authenticated against my AD, and that this auth traffic is itself encrypted.

Apache is version 2.2.15 running on Red Hat 6.2

AD is on Windows 2008 R2

This all works with plain LDAP, it's just when I try to get it to work with LDAPS it fails.

Running a wireshark trace, I can see the TCP handshake, ([SYN],[SYN, ACK],[ACK]), then there is an 8 second delay where I would expect the ClientHello to come in, but it doesn't happen.

I just get a [FIN, ACK] from the apache side as the TCP connection is torn down.

So, how do I start troubleshooting this?

In my apache conf, I have added

LDAPTrustedGlobalCert CA_BASE64 /path/to/my/orgs/root/cert
LDAPVerifyServerCert On|Off #tried both
LDAPTrustedMode SSL|TLS #tried both

in my ldap url, I have changed the ldap:// to ldaps:// and changed the port I am connecting to

Have tried port 636 and 3269 (global catalogue SSL)

Error log not showing anything obvious.

Any ideas?

You can change debug level to ask more detail information.