3 Replies Latest reply on Jun 6, 2011 3:26 PM by Sean Slattery

    Web Reporter 5.2 and AD signed communications

    Sean Slattery

      Hi,

       

      I am having trouble getting my WR52 installation on a member 2008 32-bit server to communicate with 2008 DCs which are configured to require signed communications.

      When I set up the registered LDAP/AD servers in ePO454, I have the option to specify SSL and I use port 636 instead of 389.

      But in WR52, I can specify port 636 but there isn't the equivalent option for using SSL.

       

      Thank you in advance.

        • 1. Re: Web Reporter 5.2 and AD signed communications
          Sean Slattery

          I have submitted an FMR for this.

          • 2. Re: Web Reporter 5.2 and AD signed communications

            As a temporary work-around, I have been able to use stunnel to wrap encryption around the LDAP session:

             

            This is how I configured stunnel to do LDAPS for Web Reporter. My Web Reporter runs on Linux, but the idea is the same for Windows.
            Hope it helps.
            ---

            Install stunnel on the OS and configure it like this:

            [root@CentOS stunnel]# cat /etc/stunnel/stunnel.conf
            client=yes
            verify=0
            [LDAPS]
            accept  = 636
            #192.168.2.80 is the IP of the AD server that will accept LDAPS connections
            connect = 192.168.2.80:636
            TIMEOUTclose = 0


            Configure stunnel so it runs every time the reporter server boots:
            [root@CentOS stunnel]# cat /etc/rc.d/rc.local
            #!/bin/sh
            /usr/sbin/stunnel

             

            Then configure the directory in Web Reporter to connect to itself on port 636:

            [Screenshot: Capture.PNG]


            Now all the traffic is encrypted to LDAP.

            There are Windows versions of stunnel at stunnel.org for use on a Windows Web Reporter server. I haven't tried them, but the idea is the same. You just need to start stunnel as a service, which is in the FAQ on stunnel.org.


            Hope it helps.

            1 of 1 people found this helpful
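
The stunnel settings in the reply above encrypt the LDAP session, but verify=0 does not authenticate the domain controller, and accept = 636 without a host listens on every interface. The check below is an added example, not part of the original thread; the hardened values (loopback accept, verify = 2, and a placeholder CAfile path) are assumptions.

```python
LOOPBACK = ("127.0.0.1", "localhost", "::1")
# Constructed sample: the settings posted in this thread (abridged).
POSTED = """\
client=yes
verify=0
[LDAPS]
accept  = 636
connect = 192.168.2.80:636
"""

# Constructed hardened variant; the CAfile path is a placeholder (assumption).
HARDENED = """\
client = yes
[LDAPS]
accept = 127.0.0.1:636
connect = 192.168.2.80:636
verify = 2
CAfile = /path/to/ad-issuing-ca.pem
"""

def parse(text):
    """Return {service: options}; global options are copied into each service."""
    glob, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(glob))
            continue
        key, _, value = line.partition("=")
        (glob if current is None else current)[key.strip().lower()] = value.strip()
    return services

def audit(text):
    """Return (service, finding) tuples for every client-mode service."""
    findings = []
    for name, opt in parse(text).items():
        if opt.get("client", "no").lower() != "yes":
            continue
        # verify levels 2-4 (or verifyChain = yes) require a valid peer certificate
        if (opt.get("verify", "0") not in ("2", "3", "4")
                and opt.get("verifychain", "no").lower() != "yes"):
            findings.append((name, "peer certificate verification not enforced"))
        if opt.get("accept", "").rpartition(":")[0] not in LOOPBACK:
            findings.append((name, "accept listens on all interfaces"))
    return findings

if __name__ == "__main__":
    print(audit(POSTED), audit(HARDENED))
```

With the listener bound to loopback, the directory entry in Web Reporter points at 127.0.0.1 on port 636.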
            • 3. Re: Web Reporter 5.2 and AD signed communications
              Sean Slattery

              Thanks Erik, I'll give it a try.