I cannot connect my PMG to an LDAPS (ldap/ssl) server.
the LDAPS server uses a valid certificate (signed by letsencrypt), and I can use it just fine with e.g. `ldapsearch -x -H ldaps://ldap.example.com`.
however with PMG, the connection is terminated, because of certificate errors.
The root cause for this is quite obviously because the `Server` field in the LDAP-Profile can only be an IP address. Both IPv4 and IPv6 seem to be allowed, so the textfield is limited to the following characters:
Code:
[0-9a-fA-Z.:]
now, my certificate is (as any good certificate) valid for the DNS-name (e.g. `ldap.example.com`) but not for the associated IP (`192.168.1.2`).
However, PMG/ldap seems to validate the subject name of the certificate against the IP address and fails.
my current workaround to the problem is to run a local ldap-proxy, that speaks LDAP to PMG, but communicates with the real server using LDAPS.
I don't really understand why I cannot add a domain name in the `server` field (and I even tried on the cmdline).
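Added example, not part of the original post and not PMG's own code: a sketch of the standard TLS reference-identity check, showing why a certificate issued only for `ldap.example.com` cannot match when the client is configured with `192.168.1.2`. The function names and sample certificates are constructed for illustration; the dict layout follows Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive DNS match; '*' may only replace the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse wildcards directly under a top-level label such as "*.com".
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_matches(cert: dict, server: str) -> bool:
    """Check `server` (the value the client was configured with) against the SAN list."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP reference identity is compared only with iPAddress entries,
        # never with dNSName entries, so a name-only certificate cannot match.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, server) for kind, value in sans)

# Constructed sample: certificate issued for the DNS name only.
NAME_ONLY_CERT = {"subjectAltName": (("DNS", "ldap.example.com"),)}
# Constructed sample: certificate that additionally lists the address.
CERT_WITH_IP = {"subjectAltName": (("DNS", "ldap.example.com"),
                                   ("IP Address", "192.168.1.2"))}

if __name__ == "__main__":
    for server in ("ldap.example.com", "192.168.1.2"):
        print(f"{server:18} name-only={cert_matches(NAME_ONLY_CERT, server)} "
              f"with-ip={cert_matches(CERT_WITH_IP, server)}")
```

The check only succeeds for an IP when the certificate carries a matching iPAddress SAN, which publicly trusted CAs will not issue for a private address such as the one in the post.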