OpenLDAP msg=SSL connect attempt failed

naisanza

Aug 11, 2016
I followed the steps enabling SSL for LDAP with a self-signed certificate, but get the error:
Code:
Aug 10 05:15:56 world pvedaemon[515]: authentication failure; rhost=10.10.10.225 user=test2@ldap msg=SSL connect attempt failed
https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-tls

I've copied "cacert.pem" and "ldap01_slapd_cert.pem" to
Code:
/usr/share/ca-certificates
on Proxmox, and ran
Code:
dpkg-reconfigure ca-certificates
and added both certificates (because I don't know which one's the public CA cert)

domains.cfg:
Code:
ldap: ldap
    comment LDAP Server
    base_dn ou=users,dc=server,dc=com
    server1 ldap.server.com
    user_attr uid
    bind_dn cn=admin,dc=server,dc=com
    default 1
    port 389
    secure 1

And the password for "cn=admin" is in:
Code:
/etc/pve/priv/ldap/ldap.pw

"ldap.<server>.com" is a resolvable DNS A record

Also, I'm guessing the "olcRootDn" is the bind_dn


ldap log:
Code:
Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 ACCEPT from IP=10.0.1.10:58266 (IP=0.0.0.0:389)
Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 closed (connection lost)
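
Added example, not part of the original post: a small triage script for slapd log lines like the two above. It flags connections that were accepted and then dropped before any LDAP operation or TLS session was logged, which is the pattern conn=1023 shows. The conn=2001 lines are constructed for contrast, and the function name `triage` is hypothetical.

```python
import re
from collections import defaultdict

# First two lines are from the post; the conn=2001 lines are constructed for contrast.
SAMPLE = """\
Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 ACCEPT from IP=10.0.1.10:58266 (IP=0.0.0.0:389)
Aug 10 10:24:02 ldap-world0 slapd[259]: conn=1023 fd=16 closed (connection lost)
Aug 10 10:30:00 ldap-world0 slapd[259]: conn=2001 fd=17 ACCEPT from IP=10.0.1.10:58300 (IP=0.0.0.0:389)
Aug 10 10:30:00 ldap-world0 slapd[259]: conn=2001 op=0 STARTTLS
Aug 10 10:30:00 ldap-world0 slapd[259]: conn=2001 fd=17 TLS established tls_ssf=256 ssf=256
Aug 10 10:30:00 ldap-world0 slapd[259]: conn=2001 op=1 BIND dn="cn=admin,dc=server,dc=com" method=128
Aug 10 10:30:01 ldap-world0 slapd[259]: conn=2001 fd=17 closed
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd=\d+|op=(\d+)) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([\d.]+):\d+ \(IP=[\d.]+:(\d+)\)")

def triage(log_text):
    """Return {conn_id: (client_ip, listener_port, verdict)} for each connection seen."""
    conns = defaultdict(lambda: {"client": None, "port": None,
                                 "op_lines": 0, "tls": False, "close": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn_id, op, rest = int(m.group(1)), m.group(2), m.group(3)
        c = conns[conn_id]
        if op is not None:                      # any "op=N ..." line is an LDAP operation
            c["op_lines"] += 1
        elif (a := ACCEPT.match(rest)):
            c["client"], c["port"] = a.group(1), int(a.group(2))
        elif rest.startswith("TLS established"):
            c["tls"] = True
        elif rest.startswith("closed"):
            c["close"] = rest
    findings = {}
    for conn_id, c in conns.items():
        if c["close"] is None:
            verdict = "still open"
        elif c["op_lines"] == 0 and not c["tls"]:
            verdict = "closed before any LDAP operation or TLS session"
        elif c["tls"]:
            verdict = "TLS established"
        else:
            verdict = "plaintext LDAP operations"
        findings[conn_id] = (c["client"], c["port"], verdict)
    return findings
```
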
 
Yes. Have it working on PVE 5.1 with "auto-TLS" on port 389, like this:

Code:
ldap: domain.com
        comment My LDAP
        base_dn dc=domain,dc=com
        server1 ldap.domain.com
        user_attr uid
        default 1
        secure 0
        server2 ldap-master.domain.com
 
Yes. Have it working on PVE 5.1 with "auto-TLS" on port 389, like this:

Code:
ldap: domain.com
        comment My LDAP
        base_dn dc=domain,dc=com
        server1 ldap.domain.com
        user_attr uid
        default 1
        secure 0
        server2 ldap-master.domain.com

Without "secure 1" it would be clear text. The auto-TLS would just be set to off.
 
