You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Which MS Windows certificate store(s) does the ldapauth-fork module use to verify SSL certificates when using ldaps to bind to a directory service? I tried setting up a bind to our Active Directory domain for MeshCentral2 which uses ldapauth-fork. When MC2 tries to search AD to authenticate a user I see the errors in MC2's log (below). Our AD domain uses round-robin DNS for three domain controllers and I'm guessing this may be the cause of the 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' error. There are copies of our organization's root certs in Windows' "Trusted Root Certification Authorities" and I also tried manually adding exported copies of those to the system's local store. Is ldapauth-fork's default behavior to have the operating system verify a certificate or does ldapauth-fork handle the verification by using some/all Windows' certificate stores itself?
Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
at TLSSocket.emit (events.js:310:20)
at TLSSocket._finishInit (_tls_wrap.js:917:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)
Emitted 'error' event on LdapAuth instance at:
at LdapAuth._handleError (C:\Program Files\Open Source\MeshCentral\node_modules\ldapauth-fork\lib\ldapauth.js:185:8)
at Client.emit (events.js:310:20)
at Backoff. (C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1228:12)
at Backoff.emit (events.js:310:20)
at Backoff.backoff (C:\Program Files\Open Source\MeshCentral\node_modules\backoff\lib\backoff.js:41:14)
at C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1214:15
at f (C:\Program Files\Open Source\MeshCentral\node_modules\once\once.js:25:25)
at TLSSocket.onResult (C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1016:7)
at Object.onceWrapper (events.js:417:26)
at TLSSocket.emit (events.js:310:20) {
code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
The text was updated successfully, but these errors were encountered:
Which MS Windows certificate store(s) does the ldapauth-fork module use to verify SSL certificates when using ldaps to bind to a directory service? I tried setting up a bind to our Active Directory domain for MeshCentral2 which uses ldapauth-fork. When MC2 tries to search AD to authenticate a user I see the errors in MC2's log (below). Our AD domain uses round-robin DNS for three domain controllers and I'm guessing this may be the cause of the 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' error. There are copies of our organization's root certs in Windows' "Trusted Root Certification Authorities" and I also tried manually adding exported copies of those to the system's local store. Is ldapauth-fork's default behavior to have the operating system verify a certificate or does ldapauth-fork handle the verification by using some/all Windows' certificate stores itself?
-------- 7/20/2020, 12:04:02 PM ---- 0.5.89 --------
events.js:287
throw er; // Unhandled 'error' event
^
Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
at TLSSocket.emit (events.js:310:20)
at TLSSocket._finishInit (_tls_wrap.js:917:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)
Emitted 'error' event on LdapAuth instance at:
at LdapAuth._handleError (C:\Program Files\Open Source\MeshCentral\node_modules\ldapauth-fork\lib\ldapauth.js:185:8)
at Client.emit (events.js:310:20)
at Backoff. (C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1228:12)
at Backoff.emit (events.js:310:20)
at Backoff.backoff (C:\Program Files\Open Source\MeshCentral\node_modules\backoff\lib\backoff.js:41:14)
at C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1214:15
at f (C:\Program Files\Open Source\MeshCentral\node_modules\once\once.js:25:25)
at TLSSocket.onResult (C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1016:7)
at Object.onceWrapper (events.js:417:26)
at TLSSocket.emit (events.js:310:20) {
code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
The text was updated successfully, but these errors were encountered: