Description
- Node.js Version: 12.16.2
- OS: Windows 10 1909 (OS Build 18363.959)
- Scope (install, code, runtime, meta, other?): runtime
- Module (and version) (if relevant): ldapauth-fork (version 4.4.3 - https://www.npmjs.com/package/ldapauth-fork)
Which MS Windows certificate store(s) does the ldapauth-fork module use to verify SSL certificates when using ldaps to bind to a directory service? I tried setting up a bind to our Active Directory domain for MeshCentral2 which uses ldapauth-fork. When MC2 tries to search AD to authenticate a user I see the errors in MC2's log (below). Our AD domain uses round-robin DNS for three domain controllers and I'm guessing this may be the cause of the 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' error. There are copies of our organization's root certs in Windows' "Trusted Root Certification Authorities" and I also tried manually adding exported copies of those to the system's local store. Is ldapauth-fork's default behavior to have the operating system verify a certificate or does ldapauth-fork handle the verification by using some/all Windows' certificate stores itself?
```
-------- 7/20/2020, 12:04:02 PM ---- 0.5.89 --------
events.js:287
      throw er; // Unhandled 'error' event
      ^
Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
    at TLSSocket.emit (events.js:310:20)
    at TLSSocket._finishInit (_tls_wrap.js:917:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)
Emitted 'error' event on LdapAuth instance at:
    at LdapAuth._handleError (C:\Program Files\Open Source\MeshCentral\node_modules\ldapauth-fork\lib\ldapauth.js:185:8)
    at Client.emit (events.js:310:20)
    at Backoff. (C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1228:12)
    at Backoff.emit (events.js:310:20)
    at Backoff.backoff (C:\Program Files\Open Source\MeshCentral\node_modules\backoff\lib\backoff.js:41:14)
    at C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1214:15
    at f (C:\Program Files\Open Source\MeshCentral\node_modules\once\once.js:25:25)
    at TLSSocket.onResult (C:\Program Files\Open Source\MeshCentral\node_modules\ldapjs\lib\client\client.js:1016:7)
    at Object.onceWrapper (events.js:417:26)
    at TLSSocket.emit (events.js:310:20) {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
```