OpenLDAP msg=SSL connect attempt failed

Discussion in 'Proxmox VE: Installation and configuration' started by naisanza, Aug 10, 2017.

  1. naisanza

    I followed the steps enabling SSL for LDAP with a self-signed certificate, but get the error:
    Code:
    Aug 10 05:15:56 world pvedaemon[515]: authentication failure; rhost=10.10.10.225 user=test2@ldap msg=SSL connect attempt failed
    https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-tls

    I've copied "cacert.pem" and "ldap01_slapd_cert.pem" to
    Code:
    /usr/share/ca-certificates
    on proxmox, and ran
    Code:
    dpkg-reconfigure ca-certificates
    and added both certificates (because I don't know which one's the public ca cert)

    domains.cfg:
    Code:
    ldap: ldap
        comment LDAP Server
        base_dn ou=users,dc=server,dc=com
        server1 ldap.server.com
        user_attr uid
        bind_dn cn=admin,dc=server,dc=com
        default 1
        port 389
        secure 1
    And the password for "cn=admin" in:
    Code:
    /etc/pve/priv/ldap/ldap.pw
    "ldap.<server>.com" is a resolvable DNS A record

    Also, I'm guessing the "olcRootDn" is the bind_dn


    ldap log:
    Code:
    Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 ACCEPT from IP=10.0.1.10:58266 (IP=0.0.0.0:389)
    Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 closed (connection lost)
     
    #1 naisanza, Aug 10, 2017
    Last edited: Aug 10, 2017
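    An editor-added probe for the situation in this post (it is not code from the thread or from Proxmox). In Proxmox VE of that era, `secure 1` in domains.cfg made pvedaemon open an ldaps:// connection, i.e. a TLS handshake from the very first byte; the Ubuntu guide linked above instead configures slapd for cleartext LDAP on 389 that upgrades through the StartTLS extended operation. A TLS ClientHello sent to such a port is not a valid LDAPMessage, so slapd drops the connection, which is consistent with the "ACCEPT ... closed (connection lost)" pair in the slapd log and the "SSL connect attempt failed" on the Proxmox side. The script below makes both kinds of connection and reports which one the port actually supports; the host/port arguments, function names, and the constructed ExtendedResponse bytes in the accompanying checks are the editor's assumptions. Certificate verification is deliberately disabled in the ldaps probe, because the question here is only whether the port speaks TLS at all, not whether the CA is trusted.

```python
"""Probe whether an LDAP port speaks TLS from the first byte (ldaps://) or
cleartext LDAP that upgrades via the StartTLS extended operation (RFC 4511).
Usage: python3 ldap_tls_probe.py ldap.server.com 389   (host/port are assumed)"""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # RFC 4511 section 4.14 StartTLS OID


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(content)) + content


def ber_read(buf: bytes, pos: int = 0):
    """Decode one TLV at buf[pos:]; return (tag, content, end_offset).
    Raises ValueError when the buffer is shorter than the element claims."""
    if len(buf) < pos + 2:
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if len(buf) < pos + nbytes:
            raise ValueError("truncated BER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if len(buf) < pos + length:
        raise ValueError("truncated BER content")
    return tag, buf[pos:pos + length], pos + length


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage{ messageID, ExtendedRequest [APPLICATION 23]{ requestName [0] OID } }."""
    msg_id = ber_tlv(0x02, bytes([message_id]))           # INTEGER
    ext_req = ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID))   # 0x77 = APPLICATION 23, constructed
    return ber_tlv(0x30, msg_id + ext_req)                 # outer SEQUENCE


def parse_extended_response(buf: bytes) -> dict:
    """Decode LDAPMessage{ messageID, ExtendedResponse [APPLICATION 24] }.
    A TLS record (first byte 0x16) is rejected here just as slapd rejects it."""
    tag, body, _ = ber_read(buf)
    if tag != 0x30:
        raise ValueError(f"not an LDAPMessage: first byte 0x{tag:02x}, expected 0x30")
    tag, msgid, pos = ber_read(body)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, ext, _ = ber_read(body, pos)
    if tag != 0x78:                                        # 0x78 = APPLICATION 24
        raise ValueError(f"expected ExtendedResponse (0x78), got 0x{tag:02x}")
    tag, code, pos = ber_read(ext)                         # resultCode ENUMERATED
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    _, _, pos = ber_read(ext, pos)                         # matchedDN (ignored)
    _, diag, pos = ber_read(ext, pos)                      # diagnosticMessage
    name = None
    if pos < len(ext):
        tag, val, pos = ber_read(ext, pos)
        if tag == 0x8A:                                    # responseName [10] OID
            name = val.decode("ascii", errors="replace")
    return {"message_id": int.from_bytes(msgid, "big"),
            "result_code": int.from_bytes(code, "big"),
            "diagnostic": diag.decode("utf-8", errors="replace"),
            "response_name": name}


def probe_ldaps(host: str, port: int, timeout: float = 5.0):
    """What 'secure 1' did: TLS handshake on the raw socket before any LDAP byte."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # we only ask "does this port speak TLS?"
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
                ctx.wrap_socket(raw, server_hostname=host) as tls:
            return True, tls.version()
    except (ssl.SSLError, OSError) as exc:
        return False, str(exc)


def probe_starttls(host: str, port: int, timeout: float = 5.0):
    """Cleartext LDAP first, then ask for StartTLS; True if the server answers success (0)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        buf = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the connection without an LDAP reply")
            buf += chunk
            try:
                _, _, end = ber_read(buf)
            except ValueError:
                continue                                   # need more bytes
            resp = parse_extended_response(buf[:end])
            return resp["result_code"] == 0, resp


if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2])
    ok, info = probe_ldaps(host, port)
    print(f"TLS on connect (ldaps://): {'yes' if ok else 'no'} ({info})")
    try:
        ok, resp = probe_starttls(host, port)
        print(f"StartTLS: {'offered' if ok else 'refused'} {resp}")
    except (ConnectionError, ValueError) as exc:
        print(f"StartTLS: no LDAP reply ({exc})")
```

    Run against the slapd from the post with `python3 ldap_tls_probe.py ldap.server.com 389`: a port configured per the Ubuntu guide reports "TLS on connect: no" and "StartTLS: offered", which is the combination that a `secure 1` / port 389 entry cannot use. The same check with `ldapsearch -ZZ -H ldap://ldap.server.com` gives the StartTLS half, and `openssl s_client -connect ldap.server.com:636` the ldaps half, if the tools are at hand.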
  2. naisanza

    Does anyone else use OpenLDAP with proxmox?
     
  3. mlanner

    Yes. Have it working on PVE 5.1 with "auto-TLS" on port 389, like this:

    Code:
    ldap: domain.com
            comment My LDAP
            base_dn dc=domain,dc=com
            server1 ldap.domain.com
            user_attr uid
            default 1
            secure 0
            server2 ldap-master.domain.com
    
     
  4. naisanza

    Without "secure 1" it would be clear text. The auto-TLS would just be set to off.
     