I get a generic error "ldap_simple_bind() failed][Can't contact LDAP
server]" when trying to connect to ldap server with "ldaps" for ldap
authentication.  This all worked well under regular ldap on port 389, but
my requirement is to get it working with secure ldaps and port 636.  First
off I can run

openssl s_client -connect server:636
nc -z -v IP 636

I can see a CLOSE_WAIT connection on ncsd connected to the ldap server.


I suspect this has to do with certificates and apache2?  Not much
documentation out there.  Here are my relevant chunks:


AuthType Basic
AuthBasicProvider ldap file
AuthName "GestioIP - Authentication against AD"
LDAPTrustedClientCert CERT_BASE64 /usr/local/share/cacertificates/tucows-root-ca-v2.crt
AuthLDAPUrl "ldaps://x.x.x.x:636/DC=int,DC=tucows,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=SA-ADLookups,OU=Service Accounts,DC=int,DC=tucows,DC=com"
AuthLDAPBindPassword "secret"
AuthLDAPBindAuthoritative on
Require ldap-user


Some posts I tried to follow suggested I use the module auth_ldap.  However, I
cannot find that module to install, and supposedly have another module that
works instead?  Horribly confused and wondering what is wrong?  No one at
my office can help either; it is just on my plate to figure out.  With such a
generic error, I don't know if the cert is failing or if the config is
wrong or ???


I am on Debian 10; we are using this for a GestioIP install just to get
users authenticated.  Any help of any kind is greatly appreciated.


Regards,

Jen Mead

jm...@tucowsinc.com
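For comparison, here is an added example (not the poster's configuration, and not taken from GestioIP) of how the TLS trust for an ldaps:// AuthLDAPUrl is normally set up on Apache 2.4 with mod_authnz_ldap and mod_ldap. The host name, CA file path, base DN, bind account and location path are assumptions. The two points it shows: the CA certificate that issued the AD server's certificate belongs in a server-wide LDAPTrustedGlobalCert CA_BASE64 directive (LDAPTrustedClientCert is for a client certificate the web server presents to the directory, and it is not where the trusted CA goes), and raising only the ldap and authnz_ldap log levels makes the modules log their own TLS setup and bind attempts, so a certificate-verification failure can be told apart from a bind or search problem.

```apache
# Added example, not the poster's config.
# Server-wide TLS trust for mod_ldap: must live in the main server config
# (or a conf-available snippet), not inside <Directory> or <Location>.
# The path is an assumption: the CA that signed the AD server's certificate.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-root-ca.pem

# This is the default; keep verification on rather than switching it off
# to make the error disappear.
LDAPVerifyServerCert On

# While diagnosing, raise only the LDAP modules' log level; revert afterwards.
LogLevel warn ldap:debug authnz_ldap:debug

# Assumed application path.
<Location /gestioip>
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "GestioIP - Authentication against AD"

    # Use the host name from the server certificate (CN or subjectAltName).
    # An IP address in the URL commonly fails verification unless the
    # certificate carries that IP as a SAN.
    AuthLDAPUrl "ldaps://ad.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"

    # Assumed read-only lookup account; the password is a placeholder.
    AuthLDAPBindDN "CN=svc-ldap-lookup,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "placeholder-secret"
    AuthLDAPBindAuthoritative on

    # "Require ldap-user" needs one or more user names after it;
    # valid-user accepts any account whose bind succeeds.
    Require valid-user
</Location>
```

With LogLevel set this way, a failure while loading the CA file or during the TLS handshake is logged by mod_ldap before any bind is attempted, whereas a wrong bind DN or password is logged by mod_authnz_ldap after the connection is up; the generic "Can't contact LDAP server" message on its own does not make that distinction.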
