debian 10, apache2.4 cannot get ldaps working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I get a generic error "ldap_simple_bind() failed][Can't contact LDAP server]" when trying to connect to ldap server with "ldaps" for ldap authentication.  This all worked well under regular ldap on port 389, but my requirement is to get it working with secure ldaps and port 636.  First off I can run 

openssl s_client -connect server:636

nc -z -v IP 636


I can see a close wait connection on ncsd connected to the ldap server.


I suspect this has to do with certificates and apache2?  Not much documentation out there.  Here are my relevant chunks:


AuthType Basic

AuthBasicProvider ldap file

AuthName "GestioIP - Authentication against AD"

LDAPTrustedClientCert CERT_BASE64 /usr/local/share/cacertificates/tucows-root-ca-v2.crt

AuthLDAPUrl "ldaps://x.x.x.x:636/DC=int,DC=tucows,DC=com?sAMAccountName?sub?(objectClass=*)"

AuthLDAPBindDN "CN=SA-ADLookups,OU=Service Accounts,DC=int,DC=tucows,DC=com"

AuthLDAPBindPassword "secret"

AuthLDAPBindAuthoritative on

Require ldap-user


Some posts I tried to follow suggested I use module auth_ldap.  However I cannot find that module to install and supposedly have another module that works instead?  Horribly confused and wondering what is wrong?  No one at my office can help either, just on my plate to figure out. With such a generic error, I don't know if the cert is failing or if the config is wrong or ???


I am on debian 10, we are using this for a GestioIP install just to get users authenticated.  Any help of any kind is greatly appreciated.


Regards,

Jen Mead

jmead@xxxxxxxxxxxxx

 


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux