OpenLDAP msg=SSL connect attempt failed

[naisanza]

I followed the steps enabling SSL for LDAP with a self-signed certificate, but get the error:

Aug 10 05:15:56 world pvedaemon[515]: authentication failure; rhost=10.10.10.225 user=test2@ldap msg=SSL connect attempt failed

https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-tls

I've copied "cacert.pem" and "ldap01_slapd_cert.pem" to

/usr/share/ca-certificates

on proxmox, and ran

dpkg-reconfigure ca-certificates

and added both certificates (because I don't know which one's the public ca cert)

domains.cfg:

ldap: ldap
    comment LDAP Server
    base_dn ou=users,dc=server,dc=com
    server1 ldap.server.com
    user_attr uid
    bind_dn cn=admin,dc=server,dc=com
    default 1
    port 389
    secure 1

And the password for, "cn=admin" in:

/etc/pve/priv/ldap/ldap.pw

"ldap.<server>.com" is a resolvable DNS A record

Also, I'm guessing the "olcRootDn" is the bind_dn


ldap log:

Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 ACCEPT from IP=10.0.1.10:58266 (IP=0.0.0.0:389)
Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 closed (connection lost)

 

[naisanza]

Does anyone else use OpenLDAP with proxmox?

 

[mlanner]

Yes. Have it working on PVE 5.1 with "auto-TLS" on port 389, like this:

ldap: domain.com
        comment My LDAP
        base_dn dc=domain,dc=com
        server1 ldap.domain.com
        user_attr uid
        default 1
        secure 0
        server2 ldap-master.domain.com

 

[naisanza]

Yes. Have it working on PVE 5.1 with "auto-TLS" on port 389, like this:

ldap: domain.com
        comment My LDAP
        base_dn dc=domain,dc=com
        server1 ldap.domain.com
        user_attr uid
        default 1
        secure 0
        server2 ldap-master.domain.com

Without "secure 1" it would be clear text. The auto-TLS would just be set to off