OpenLDAP msg=SSL connect attempt failed

naisanza

Aug 11, 2016
I followed the steps for enabling SSL for LDAP with a self-signed certificate (https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-tls), but get the error:
Code:
Aug 10 05:15:56 world pvedaemon[515]: authentication failure; rhost=10.10.10.225 user=test2@ldap msg=SSL connect attempt failed

I've copied "cacert.pem" and "ldap01_slapd_cert.pem" to
Code:
/usr/share/ca-certificates
on proxmox, and ran
Code:
dpkg-reconfigure ca-certificates
and added both certificates (because I don't know which one's the public ca cert)

domains.cfg:
Code:
ldap: ldap
    comment LDAP Server
    base_dn ou=users,dc=server,dc=com
    server1 ldap.server.com
    user_attr uid
    bind_dn cn=admin,dc=server,dc=com
    default 1
    port 389
    secure 1

And the password for "cn=admin" in:
Code:
/etc/pve/priv/ldap/ldap.pw

"ldap.<server>.com" is a resolvable DNS A record

Also, I'm guessing the "olcRootDn" is the bind_dn


ldap log:
Code:
Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 ACCEPT from IP=10.0.1.10:58266 (IP=0.0.0.0:389)
Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 closed (connection lost)
 
Yes. Have it working on PVE 5.1 with "auto-TLS" on port 389, like this:

Code:
ldap: domain.com
        comment My LDAP
        base_dn dc=domain,dc=com
        server1 ldap.domain.com
        user_attr uid
        default 1
        secure 0
        server2 ldap-master.domain.com
 
Without "secure 1" it would be clear text. The auto-TLS would just be set to off.
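Added example (mine, not code from the thread and not Proxmox's own LDAP plugin): it reproduces, offline, the mismatch behind the original post's "SSL connect attempt failed" together with the "closed (connection lost)" line in the slapd log, and it flags the cleartext bind that the "secure 0" reply describes. Assumptions: "secure 1" makes the client open a TLS-first (ldaps://) connection rather than negotiate STARTTLS, "port" overrides the scheme's default port, and a local listener that drops anything not starting with a BER SEQUENCE tag stands in for a plain ldap:/// slapd listener. The two domains.cfg stanzas are copied from the posts as constructed input; nothing is read from /etc/pve, and the BER BindRequest is hand-encoded.

```python
import socket
import ssl
import threading

# Constructed copies of the two domains.cfg stanzas quoted in the thread; nothing is read from /etc/pve.
DOMAINS_CFG = """\
ldap: ldap
    comment LDAP Server
    base_dn ou=users,dc=server,dc=com
    server1 ldap.server.com
    user_attr uid
    bind_dn cn=admin,dc=server,dc=com
    default 1
    port 389
    secure 1

ldap: domain.com
        comment My LDAP
        base_dn dc=domain,dc=com
        server1 ldap.domain.com
        user_attr uid
        default 1
        secure 0
        server2 ldap-master.domain.com
"""


def parse_domains_cfg(text):
    """Parse 'type: realm' headers and their indented 'key value' lines into {realm: {key: value}}."""
    realms, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            typ, name = line.split(":", 1)
            current = realms.setdefault(name.strip(), {"type": typ.strip()})
            continue
        key, _, value = line.strip().partition(" ")
        current[key] = value.strip()
    return realms


def ldap_uri(realm):
    """URI the client will open. Assumption: 'secure 1' selects a TLS-first ldaps://
    connection, anything else plain ldap://; 'port' overrides the scheme default."""
    scheme = "ldaps" if realm.get("secure") == "1" else "ldap"
    port = int(realm.get("port") or (636 if scheme == "ldaps" else 389))
    return f"{scheme}://{realm['server1']}:{port}", scheme, port


def lint_realm(realm):
    """One-line verdict on the realm's transport settings."""
    uri, scheme, port = ldap_uri(realm)
    if scheme == "ldaps" and port == 389:
        return f"{uri}: TLS-first handshake sent to the plain-LDAP port; a plain ldap:/// listener drops it"
    if scheme == "ldap":
        return f"{uri}: cleartext; the bind password for {realm.get('bind_dn', '(anonymous)')} crosses the wire unencrypted"
    return f"{uri}: ok"


def _plain_listener():
    """Stand-in for slapd's plain ldap:/// listener: records the first byte of whatever
    arrives, then closes. An LDAP PDU begins with a BER SEQUENCE tag (0x30); a TLS
    ClientHello begins with record type 0x16, which a plain listener cannot parse and
    drops (the 'closed (connection lost)' line in the slapd log)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    seen = []

    def serve():
        conn, _ = srv.accept()
        data = conn.recv(4096)
        seen.append(data[0] if data else None)
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, seen


def try_ldaps_against_plain_port():
    """Do what an ldaps:// client does: start TLS immediately on the plain port."""
    srv, seen = _plain_listener()
    port = srv.getsockname()[1]
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # certificate checks never run: no ServerHello ever arrives
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname="ldap.server.com"):
                return {"ok": True, "error": None, "first_byte_seen": seen[0] if seen else None}
    except OSError as e:            # ssl.SSLError (incl. SSLEOFError) is an OSError subclass
        return {"ok": False, "error": type(e).__name__, "first_byte_seen": seen[0] if seen else None}
    finally:
        srv.close()


def send_plain_bind_to_plain_port():
    """Contrast: a hand-encoded LDAPv3 anonymous BindRequest starts with 0x30, the
    shape the plain listener expects."""
    bind_request = bytes.fromhex("300c020101" "6007020103" "04008000")
    srv, seen = _plain_listener()
    port = srv.getsockname()[1]
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
            s.sendall(bind_request)
            s.recv(1)               # block until the listener closes, so 'seen' is populated
    finally:
        srv.close()
    return {"first_byte_seen": seen[0] if seen else None}


if __name__ == "__main__":
    for name, realm in parse_domains_cfg(DOMAINS_CFG).items():
        print(f"{name}: {lint_realm(realm)}")
    print(try_ldaps_against_plain_port())
    print(send_plain_bind_to_plain_port())
```

Run as a script it lints both stanzas and then shows the two handshakes: the TLS-first attempt fails with an EOF or reset before any certificate is exchanged, so the cacert.pem step in the original post never comes into play for this error, while the listener records 0x16 for the ClientHello and 0x30 for the BER bind. Checking the realm first and then confirming on the wire with something like this is cheaper than chasing CA trust.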