If it's all internal, try LDAPVerifyServerCert off.

On Fri, Apr 1, 2022 at 11:47 AM Jennifer Mead <jm...@tucows.com> wrote:
> I get a generic error "ldap_simple_bind() failed][Can't contact LDAP
> server]" when trying to connect to ldap server with "ldaps" for ldap
> authentication. This all worked well under regular ldap on port 389, but
> my requirement is to get it working with secure ldaps and port 636. First
> off I can run
>
> openssl s_client -connect server:636
>
> nc -z -v IP 636
>
> I can see a close wait connection on ncsd connected to the ldap server.
>
> I suspect this has to do with certificates and apache2? Not much
> documentation out there. Here are my relevant chunks:
>
> AuthType Basic
> AuthBasicProvider ldap file
> AuthName "GestioIP - Authentication against AD"
> LDAPTrustedClientCert CERT_BASE64 /usr/local/share/cacertificates/tucows-root-ca-v2.crt
> AuthLDAPUrl "ldaps://x.x.x.x:636/DC=int,DC=tucows,DC=com?sAMAccountName?sub?(objectClass=*)"
> AuthLDAPBindDN "CN=SA-ADLookups,OU=Service Accounts,DC=int,DC=tucows,DC=com"
> AuthLDAPBindPassword "secret"
> AuthLDAPBindAuthoritative on
> Require ldap-user
>
> Some posts I tried to follow suggested I use module auth_ldap. However I
> cannot find that module to install and supposedly have another module that
> works instead? Horribly confused and wondering what is wrong? No one at
> my office can help either, just on my plate to figure out. With such a
> generic error, I don't know if the cert is failing or if the config is
> wrong or ???
>
> I am on debian 10, we are using this for a GestioIP install just to get
> users authenticated. Any help of any kind is greatly appreciated.
>
> Regards,
>
> Jen Mead
>
> jm...@tucowsinc.com
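
For reference, the two mod_ldap trust settings discussed in this thread, side by side, as an added example that is not part of either message: verification switched off versus the issuing CA trusted explicitly with verification left on. The hostname, CA file path, bind DN and location path are placeholders, not values from the thread.

```apache
# Added example; all names and paths below are placeholders.

# ---- Server config context (global, outside <VirtualHost>/<Directory>) ----

# Weak: with verification off the ldaps:// session is still encrypted, but
# mod_ldap accepts any server certificate, so the bind DN password and each
# user's password are sent to whichever host answers on port 636.
#LDAPVerifyServerCert Off

# Verified: name the CA that issued the LDAP server's certificate and keep
# verification on (On is the default). CA_BASE64 means a PEM-encoded CA
# certificate. CA trust is set here with LDAPTrustedGlobalCert;
# LDAPTrustedClientCert is for a per-connection client certificate.
LDAPTrustedGlobalCert CA_BASE64 /path/to/internal-root-ca.pem
LDAPVerifyServerCert On

# ---- Protected location ----
<Location "/protected">
    AuthType Basic
    AuthName "Authentication against AD"
    AuthBasicProvider ldap
    # With verification on, the host in the URL has to match a name in the
    # server certificate; a bare IP address usually will not.
    AuthLDAPUrl "ldaps://dc01.int.example.com:636/DC=int,DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=svc-lookup,OU=Service Accounts,DC=int,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"
    Require valid-user
</Location>
```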