i cannot connect my PMG to an LDAPS (ldap/ssl) server. the LDAPS server uses a valid certificate (signed by letsencrypt), and I can use it just fine with e.g. ldapsearch -x -H ldaps://ldap.example.com`. however with PMG, the connection is terminated, because of certificate errors. The root cause for this is quite obviously because the `Server` field in the LDAP-Profile can only be an IP address.both IPv4 and IPv6 seems to be allowed, so the textfield is limited to the following characters Code: [0-9a-fA-Z.:] now, my certificate is (as any good certificate) valid for the DNS-name (e.g. `ldap.example.com`) but not for the associated IP (`192.168.1.2`). However, PMG/ldap seems to validate the subject name of the certificate against the IP address and fails. my current workaround to the problem is to run a local ldap-proxy, that speaks LDAP to PMG, but communicates with the real server using LDAPS. i don't really understand why I cannot add a domain name in the `server` field (and i even tried on the cmdline).
Same problem. Can't add my AD server as only IP address are allowed. My Samba4 server is configured to refuse plain text binds, so there's no way for PMG to accept the certificate.
BTW, another issue is that ldaps isn't being used at all because of a typo in /usr/share/perl5/PMG/LDAPCache.pm line 352 $opts->{schema} should be $opts->{scheme}
In fact, appart from the typo (schema -> scheme), it's working with plain IP address. Which is even worst than not working at all because it means PMG doesn't validate LDAP server certificate. I've opened a bunch of bugs for LDAP support. See https://bugzilla.proxmox.com/show_bug.cgi?id=1944 https://bugzilla.proxmox.com/show_bug.cgi?id=1945 https://bugzilla.proxmox.com/show_bug.cgi?id=1946 https://bugzilla.proxmox.com/show_bug.cgi?id=1947
