Subject: Re: Error while opening connection to Windows 2008 R2 AD
From: 杨华杰
To: users@directory.apache.org
Date: Thu, 22 Nov 2012 17:05:14 +0800

Hi Jim

Thank you for your reply.

I know the reasons. As I mentioned, Windows AD explorer can connect to the AD.

How to make a secure connection to Windows AD through apacheds studio?

Regards,
Hua Jie

On Thu, Nov 22, 2012 at 4:58 PM, Jim Willeke wrote:

> The LDAP server requires at least SSL or TLS to establish the connection.
>
> Usually this issue is the result of a domain policy set in active directory
> that enforces all LDAP authentication to be secured with SSL.
> The policy on the domain controller is: "Domain controller: LDAP server
> signing requirements" and if set to "Require signing" the LDAP data-signing
> option must be negotiated unless Transport Layer Security/Secure Socket
> Layer (TLS/SSL) is being used.
>
> If this policy is configured on one's domain controllers in a Windows
> Domain, non-secure LDAP authentication will fail.
>
> --
> -jim
> Jim Willeke
>
>
> On Thu, Nov 22, 2012 at 1:48 AM, 杨华杰 wrote:
>
> > DSID-0C0901FC
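
The policy described in the quoted reply, seen from a client, as an added example that is not part of the original thread and not Apache Directory Studio code: a JNDI simple bind over LDAPS, with the exception a domain controller raises when a bind arrives without signing or TLS handled separately. The host name, bind DN and the `LDAP_BIND_PW` environment variable are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class AdSecureBind {
    // Assumed values, not from the thread: replace with your own DC and account.
    static final String LDAPS_URL = "ldaps://dc01.example.com:636";
    static final String BIND_DN = "CN=svc-ldap,CN=Users,DC=example,DC=com";

    static Hashtable<String, String> env(String url, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);           // ldaps:// wraps the session in TLS
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    static String tryBind(String url, String password) {
        try {
            DirContext ctx = new InitialDirContext(env(url, password));
            ctx.close();
            return "bind OK";
        } catch (AuthenticationNotSupportedException e) {
            // JNDI maps LDAP result 8 (strongerAuthRequired) to this exception.
            // A DC with "Require signing" returns it for a simple bind sent
            // over plain ldap:// without signing or TLS.
            return "rejected, stronger authentication required: " + e.getMessage();
        } catch (NamingException e) {
            // Includes TLS failures such as an untrusted DC certificate.
            return "failed: " + e;
        }
    }

    public static void main(String[] args) {
        String password = System.getenv("LDAP_BIND_PW");
        if (password == null || password.isEmpty()) {
            // An empty password would turn the simple bind into an anonymous bind.
            System.err.println("Set LDAP_BIND_PW before running.");
            System.exit(2);
        }
        System.out.println(LDAPS_URL + " : " + tryBind(LDAPS_URL, password));
    }
}
```

The JVM must trust the certificate the domain controller presents; import the issuing CA into the truststore the JVM uses (for example one named by the `javax.net.ssl.trustStore` system property) rather than disabling certificate validation.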