Replication of TLS certs across domain for LDAPS.


Problem description

Hopefully someone can shed some light on an issue I'm having. Just issued a 3rd party certificate for my 2003 domain here to allow us to use LDAPS but the cert is not replicating across our secondary. 

Followed the guide here: http://support.microsoft.com/kb/321051 but after importing the cert on the PDC and waiting several hours I'm still unable to query our secondary on port 636.

Recommended answer

Just a bit more testing and noticed

Can connect to the server we issued the cert for ad.example.com on port 636 using ldp.exe but only from the host's own desktop. Once I try from an SDC such as svr2.ad.example.com on port 636 back to domain.example.com I get the error.

0x0 = ldap_unbind(ld);
ld = ldap_sslinit("ad.example.com", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to ad.example.com.
ld = ldap_sslinit("svr1.ad.example.com", 636, 1);
Error 81 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to svr1.ad.example.com.

Our DNS is set up like this:

domain.example.com 192.168.0.1
domain.example.com 192.168.0.2

svr1.ad.example.com 192.168.0.1

svr2.ad.example.com 192.168.0.2

The cert was issued for ad.example.com 
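
The KB article linked in the question requires each domain controller's FQDN to appear in the certificate's Subject CN or as a DNS entry in its Subject Alternative Name. The following is an added example (not part of the original post) that checks which of the hostnames in the post a given set of certificate names covers, using standard TLS name matching; the per-DC name sets in PER_DC are an assumption for illustration.

```python
# Added example: which of the post's hostnames a certificate's names cover.
# Matching follows the usual TLS rules (RFC 6125): case-insensitive, and "*"
# only as the whole left-most label, standing in for exactly one label.

def name_matches(host, pattern):
    host = host.strip().rstrip(".").lower()
    pattern = pattern.strip().rstrip(".").lower()
    if not host or not pattern:
        return False
    h_labels, p_labels = host.split("."), pattern.split(".")
    if len(h_labels) != len(p_labels):
        return False          # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # refuse overly broad patterns such as "*.com"
        return len(p_labels) > 2 and h_labels[1:] == p_labels[1:]
    return h_labels == p_labels


def covered(host, cert_names):
    """True if any CN/SAN DNS name in cert_names matches host."""
    return any(name_matches(host, n) for n in cert_names)


def audit(hosts, cert_names):
    """Map each name a client might connect to -> whether the cert covers it."""
    return {h: covered(h, cert_names) for h in hosts}


# Constructed inputs, using the names that appear in the post.
HOSTS = ["ad.example.com", "domain.example.com",
         "svr1.ad.example.com", "svr2.ad.example.com"]
ISSUED = ["ad.example.com"]            # the single name the post says was issued
PER_DC = {                             # assumption: one certificate per DC
    "svr1.ad.example.com": ["svr1.ad.example.com", "ad.example.com"],
    "svr2.ad.example.com": ["svr2.ad.example.com", "ad.example.com"],
}

if __name__ == "__main__":
    for host, ok in audit(HOSTS, ISSUED).items():
        print(f"{host:22} {'covered' if ok else 'NOT covered'} by {ISSUED}")
    for dc, names in PER_DC.items():
        print(dc, audit([dc, "ad.example.com"], names))
```

The names to feed in are the Subject CN and SAN DNS entries shown for the certificate installed on each DC.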




