mirror of
https://github.com/gravitational/teleport
synced 2024-10-20 17:23:22 +00:00
Tweak LDAPS troubleshooting docs
Make it clear that an LDAP connection reset can be due to attempting to connect on port 389 (which is what our original instructions advised)
parent e8f3b54684
commit a165ad2fcb
|
@ -94,7 +94,7 @@ For desktops that are automatically discovered via LDAP, Teleport makes DNS
|
|||
queries against the LDAP server in order to resolve the hostname to an IP
|
||||
address.
|
||||
|
||||
Ensure that your firewalls allow inbound DNS traffic on port 53 from the
|
||||
Ensure that your firewalls allow inbound DNS traffic on port `53` from the
|
||||
instance(s) running Teleport's Windows Desktop Service to the LDAP server
|
||||
(Active Directory Domain Controller).
|
||||
|
||||
|
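Review bot: The reworded line "Ensure that your firewalls allow inbound DNS traffic on port `53`" names the port but not the transport. DNS uses both UDP and TCP on port 53, and a firewall rule that opens only UDP can still break lookups whose responses need TCP, so consider writing "on port `53` (UDP and TCP)". The backticks around the port number match the `389` and `636` formatting used in the later hunk, which is good.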
@ -163,11 +163,14 @@ connecting to LDAP server: unable to read LDAP response packet: read tcp 172.18.
|
|||
|
||||
**Solution:** Enable LDAPS
|
||||
|
||||
This means you do not have an LDAP certificate installed on your LDAP servers.
|
||||
You can resolve this by
|
||||
[installing Active Directory Certificate Services](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority)
|
||||
This means you do not have an LDAP certificate installed on your LDAP servers,
|
||||
or you are trying to make an insecure connection on port `389`. Teleport requires
|
||||
secure LDAPS connections, which are typically on port `636`. First, confirm that
|
||||
you are connecting to the correct LDAPS port. If that doesn't resolve your
|
||||
issue, you can
|
||||
[instal Active Directory Certificate Services](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority)
|
||||
(AD CS) or
|
||||
[importing](https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority)
|
||||
[import](https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority)
|
||||
your own third party certificate. Note that Active Directory is
|
||||
[extremely picky](https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority#requirements-for-an-ldaps-certificate)
|
||||
so take care to generate your certificates correctly.
|
||||
|
|
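Review bot: Typo in the added link text "[instal Active Directory Certificate Services]"; it should read "install". While editing that sentence, "third party certificate" should be hyphenated as "third-party certificate". The new text tells the reader to "confirm that you are connecting to the correct LDAPS port" but does not say where that address is set, so a pointer to the relevant configuration field would make the step actionable. The commit message says the original instructions advised port 389, yet neither hunk here changes those instructions; if they still mention `389`, they should be corrected in this same change so readers do not hit this error in the first place.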