I get a generic error "ldap_simple_bind() failed][Can't contact LDAP server]" when trying to connect to the LDAP server with "ldaps" for LDAP authentication. This all worked well under regular LDAP on port 389, but my requirement is to get it working with secure LDAPS and port 636. First off, I can run
openssl s_client -connect server:636
nc -z -v IP 636
I can see a CLOSE_WAIT connection on ncsd connected to the LDAP server.
I suspect this has to do with certificates and apache2? Not much documentation out there. Here are my relevant chunks:
AuthType Basic
AuthBasicProvider ldap file
AuthName "GestioIP - Authentication against AD"
LDAPTrustedClientCert CERT_BASE64 /usr/local/share/cacertificates/tucows-root-ca-v2.crt
AuthLDAPUrl "ldaps://x.x.x.x:636/DC=int,DC=tucows,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=SA-ADLookups,OU=Service Accounts,DC=int,DC=tucows,DC=com"
AuthLDAPBindPassword "secret"
AuthLDAPBindAuthoritative on
Require ldap-user
Some posts I tried to follow suggested I use the module auth_ldap. However, I cannot find that module to install, and supposedly there is another module that works instead? Horribly confused and wondering what is wrong. No one at my office can help either; it's just on my plate to figure out. With such a generic error, I don't know if the cert is failing or if the config is wrong or ???
I am on Debian 10; we are using this for a GestioIP install just to get users authenticated. Any help of any kind is greatly appreciated.
Regards,
Jen Mead