openssl s_client -connect server:636
nc -z -v IP 636
I can see a close wait connection on ncsd connected to the ldap server.
I suspect this has to do with certificates and apache2? Not much documentation out there. Here are my relevant chunks:
AuthType Basic
AuthBasicProvider ldap file
AuthName "GestioIP - Authentication against AD"
LDAPTrustedClientCert CERT_BASE64 /usr/local/share/cacertificates/tucows-root-ca-v2.crt
AuthLDAPUrl "ldaps://x.x.x.x:636/DC=int,DC=tucows,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=SA-ADLookups,OU=Service Accounts,DC=int,DC=tucows,DC=com"
AuthLDAPBindPassword "secret"
AuthLDAPBindAuthoritative on
Require ldap-user
Some posts I tried to follow suggested I use module auth_ldap. However, I cannot find that module to install, and supposedly I have another module that works instead? Horribly confused and wondering what is wrong. No one at my office can help either; it is just on my plate to figure out. With such a generic error, I don't know if the cert is failing or if the config is wrong or ???
I am on Debian 10; we are using this for a GestioIP install just to get users authenticated. Any help of any kind is greatly appreciated.
Regards,
Jen Mead
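
A configuration to compare against the one in the post, added here as an example and not part of the original message. It assumes the .crt file is the PEM-encoded CA that issued the LDAP server's certificate and that Apache 2.4's mod_ldap and mod_authnz_ldap are enabled (`a2enmod authnz_ldap` on Debian); the host name, `<Location>` path and password are placeholders.

```apache
# Example only: host name, <Location> path and password are placeholders.

# Server-wide context (outside any <Directory>, <Location> or <VirtualHost>):
# the trust anchor used to verify the LDAP server's certificate.
# LDAPTrustedClientCert, by contrast, names a certificate that Apache itself
# presents to the LDAP server; it does not set a CA to trust.
LDAPTrustedGlobalCert CA_BASE64 /usr/local/share/cacertificates/tucows-root-ca-v2.crt

# Keep verification of the LDAP server certificate on (this is the default).
LDAPVerifyServerCert On

# Per-module debug logging, so the error log shows whether the TLS handshake,
# the service-account bind or the user search is the step that fails.
LogLevel info ldap:debug authnz_ldap:debug

<Location "/gestioip">
    AuthType Basic
    AuthName "GestioIP - Authentication against AD"
    AuthBasicProvider ldap

    # A host name instead of an IP address, on the assumption that the server
    # certificate is issued to a name; the TLS library compares the two.
    AuthLDAPUrl "ldaps://ldap.example.internal:636/DC=int,DC=tucows,DC=com?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=SA-ADLookups,OU=Service Accounts,DC=int,DC=tucows,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    # Allow any user who authenticates through LDAP. "Require ldap-user"
    # expects one or more user names after it.
    Require valid-user
</Location>
```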