OpenLDAP msg=SSL connect attempt failed

naisanza

Member
Aug 11, 2016
31
1
6
I followed the steps enabling SSL for LDAP with a self-signed certificate, but get the error:
Code:
Aug 10 05:15:56 world pvedaemon[515]: authentication failure; rhost=10.10.10.225 user=test2@ldap msg=SSL connect attempt failed
https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-tls

I've copied "cacert.pem" and "ldap01_slapd_cert.pem" to
Code:
/usr/share/ca-certificates
on Proxmox, and ran
Code:
dpkg-reconfigure ca-certificates
and added both certificates (because I don't know which one's the public CA cert)

domains.cfg:
Code:
ldap: ldap
    comment LDAP Server
    base_dn ou=users,dc=server,dc=com
    server1 ldap.server.com
    user_attr uid
    bind_dn cn=admin,dc=server,dc=com
    default 1
    port 389
    secure 1

And the password for "cn=admin" is in:
Code:
/etc/pve/priv/ldap/ldap.pw

"ldap.<server>.com" is a resolvable DNS A record

Also, I'm guessing the "olcRootDn" is the bind_dn


ldap log:
Code:
Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 ACCEPT from IP=10.0.1.10:58266 (IP=0.0.0.0:389)
Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 closed (connection lost)
 

mlanner

Active Member
Apr 1, 2009
186
1
38
Berkeley, CA
Yes. Have it working on PVE 5.1 with "auto-TLS" on port 389, like this:

Code:
ldap: domain.com
        comment My LDAP
        base_dn dc=domain,dc=com
        server1 ldap.domain.com
        user_attr uid
        default 1
        secure 0
        server2 ldap-master.domain.com
 

naisanza

mlanner said:
Yes. Have it working on PVE 5.1 with "auto-TLS" on port 389, like this:

Code:
ldap: domain.com
        comment My LDAP
        base_dn dc=domain,dc=com
        server1 ldap.domain.com
        user_attr uid
        default 1
        secure 0
        server2 ldap-master.domain.com

Without "secure 1" it would be clear text. The auto-TLS would just be set to off.
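
A small offline check for the two realm definitions posted in this thread, added here as an example and not taken from any poster or from Proxmox's own code. It assumes, per the Proxmox VE documentation for this option, that `secure 1` selects LDAPS (TLS from the first byte, default port 636) and `secure 0` plain LDAP (default port 389); `parse_realms`, `audit_realm` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: the two realm definitions posted in this thread,
# abridged to the options that matter for transport security.
SAMPLE_CFG = """\
ldap: ldap
    base_dn ou=users,dc=server,dc=com
    server1 ldap.server.com
    bind_dn cn=admin,dc=server,dc=com
    port 389
    secure 1

ldap: domain.com
        base_dn dc=domain,dc=com
        server1 ldap.domain.com
        secure 0
        server2 ldap-master.domain.com
"""

def parse_realms(text):
    """Parse 'type: name' headers followed by indented 'key value' lines."""
    realms, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\w+):\s*(\S+)\s*$", line)
        if header:
            current = realms[header.group(2)] = {"type": header.group(1)}
        elif current is not None and line[:1].isspace() and line.strip():
            key, _, value = line.strip().partition(" ")
            current[key] = value.strip()
    return realms

def audit_realm(name, opts):
    """Return transport findings for one realm (semantics assumed, see above)."""
    if opts.get("type") != "ldap":
        return []
    secure = opts.get("secure", "0") == "1"
    port = int(opts.get("port", 636 if secure else 389))
    if not secure:
        return [f"{name}: secure is off, so bind credentials cross the "
                f"network unencrypted (port {port})"]
    if port == 389:
        return [f"{name}: secure 1 opens with a TLS handshake, but 389 is the "
                "plain/StartTLS port; point it at an ldaps:// listener (636)"]
    return []

def audit(text):
    """Run audit_realm over every realm in a domains.cfg-style text."""
    return [f for name, opts in parse_realms(text).items()
            for f in audit_realm(name, opts)]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CFG)))
```

A TLS handshake sent to a listener that expects plain LDAP is consistent with the slapd log in the first post, where the connection on port 389 is accepted and then immediately lost.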
 
