vesse / node-ldapauth-fork

Simple node.js module to authenticate against an LDAP server

'UNABLE_TO_VERIFY_LEAF_SIGNATURE' and MS Active Directory #87

Open tlcarpenter opened 4 years ago

tlcarpenter commented 4 years ago

Which MS Windows certificate store(s) does the ldapauth-fork module use to verify SSL certificates when using ldaps to bind to a directory service? I tried setting up a bind to our Active Directory domain for MeshCentral2 which uses ldapauth-fork. When MC2 tries to search AD to authenticate a user I see the errors in MC2's log (below). Our AD domain uses round-robin DNS for three domain controllers and I'm guessing this may be the cause of the 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' error. There are copies of our organization's root certs in Windows' "Trusted Root Certification Authorities" and I also tried manually adding exported copies of those to the system's local store. Is ldapauth-fork's default behavior to have the operating system verify a certificate or does ldapauth-fork handle the verification by using some/all Windows' certificate stores itself?

```
-------- 7/20/2020, 12:04:02 PM ---- 0.5.89 --------

events.js:287
      throw er; // Unhandled 'error' event
      ^

Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
    at TLSSocket.emit (events.js:310:20)
    at TLSSocket._finishInit (_tls_wrap.js:917:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)
Emitted 'error' event on LdapAuth instance at:
    at LdapAuth._handleError (C:\Program Files\Open Source\MeshCentral\node_modules\ldapauth-fork\lib\ldapauth.js:185:8)
    at Client.emit (events.js:310:20)
    at Backoff. (C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1228:12)
    at Backoff.emit (events.js:310:20)
    at Backoff.backoff (C:\Program Files\Open Source\MeshCentral\node_modules\backoff\lib\backoff.js:41:14)
    at C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1214:15
    at f (C:\Program Files\Open Source\MeshCentral\node_modules\once\once.js:25:25)
    at TLSSocket.onResult (C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1016:7)
    at Object.onceWrapper (events.js:417:26)
    at TLSSocket.emit (events.js:310:20) {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
```
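Added example (not from this thread, ldapauth-fork, or MeshCentral): by default Node.js verifies TLS peers against the CA list compiled into the `node` binary, not the Windows certificate stores, and ldapauth-fork passes its `tlsOptions` setting through to the TLS layer. The sketch below checks whether a CA is in that compiled-in list and builds options that trust an exported PEM bundle with verification left on; the CA name, host name and PEM bodies are constructed placeholders.

```javascript
const { rootCertificates } = require('node:tls');
const { X509Certificate } = require('node:crypto');

// Subjects of the CA certificates compiled into this Node.js binary that
// contain `needle`. This list, not the OS store, is the default trust set.
function bundledRootsMatching(needle) {
  return rootCertificates
    .map((pem) => new X509Certificate(pem).subject.replace(/\n/g, ', '))
    .filter((subject) => subject.includes(needle));
}

// Split an exported PEM bundle (root plus any intermediates) into single
// certificates so the number of trust anchors loaded can be checked.
function splitPemBundle(bundle) {
  const re = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
  return bundle.match(re) || [];
}

// Options object for `new LdapAuth(opts)`. Supplying `ca` replaces Node's
// default list for this connection; rejectUnauthorized stays true so the
// domain controller's chain is still verified.
function buildLdapAuthOptions(url, caBundlePem) {
  const ca = splitPemBundle(caBundlePem);
  if (ca.length === 0) throw new Error('no certificates found in CA bundle');
  return { url, tlsOptions: { ca, rejectUnauthorized: true } };
}

// Constructed sample: placeholder bodies, not real certificates. In practice
// read the Base-64 (PEM) export of the organization's root/intermediates.
const SAMPLE_BUNDLE = [
  '-----BEGIN CERTIFICATE-----\nPLACEHOLDERROOT\n-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----\nPLACEHOLDERISSUING\n-----END CERTIFICATE-----',
].join('\n');

// Hypothetical host name; bind and search settings are omitted here.
const exampleOptions = buildLdapAuthOptions(
  'ldaps://dc.example.test:636',
  SAMPLE_BUNDLE
);
```

Setting the `NODE_EXTRA_CA_CERTS` environment variable to the exported PEM file is the no-code alternative: it adds those certificates to Node's default list for the whole process.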