1
0
-1

Hi,

 

I use LDAP authentication on OpenAudIT 2.0.8 community edition against an Active Directory and everything is working like a charm.

Now I want to switch to LDAPS with a self signed certificate and I didn't find out where to add my certificate to the trusted certificate store or add my CA cert. to the trusted CA store of the PHP LDAP module

alternatively I am also fine with a workaround to ignore SSL certificates (like CN, DNS mismatch or untrusted certificates)

 

Many thanks in advance

  1. adviqo

    I've tried now with the Open-AudIT 2.0.10 release but still the same issue.

    LDAP is working but no LDAPS is possible.
    There is still a lack of information why this fails. I only get the standard "something is wrong with LDAP error in the System log when I've enabled LDAPS on port 636.

     

    Invalid user supplied credentials for LDAP server at <our-ldap-server> or the LDAP server could not be reached, skipping


    Is there anyone who can help me to find out how to get LDAPS running or how to debug this issue?

     

    Best regards

CommentAdd your comment...

2 answers

  1.  
    1
    0
    -1

    An ugly hack would be to skip the validation. Pointing to the self signed CA hasn't worked for me.

    On Debian 9.6:

    In "/etc/ldap/ldap.conf"

    # TLS certificates (needed for GnuTLS)
    #TLS_CACERT /etc/ssl/certs/<path_to_CA_cert.crt>
    TLS_REQCERT never

      CommentAdd your comment...
    1.  
      1
      0
      -1
      1. adviqo

        Hi Jose,

        I've also found this wiki article but unfortunately this one don't have information about using SSL / LDAPS

        my LDAP setup without SSL is working fine.

         

        Best regards,

        adviqo

      CommentAdd your comment...