
Author Topic: LDAPS - Ignore certificate ?  (Read 3289 times)

michael

  • Newbie
  • Posts: 4
LDAPS - Ignore certificate ?
« on: February 07, 2020, 09:16:19 am »
Hi,
 
Following Microsoft's announcement on the LDAP channel binding / signing requirements
https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows
 
I'm trying to move my working LDAP configuration to LDAPS.
Changing the servers to ldaps:// and the port to 636 didn't work. The error message doesn't really help, so I thought about a certificate error (Nedi doesn't know our AD certificates).
 
I didn't find the option to ignore server cert in nedi.conf
 
I found ideas with Google, like putting "TLS_REQCERT never" in /etc/ldap/ldap.conf, but that didn't work. I even tried to modify the PHP file by adding "putenv('LDAPTLS_REQCERT=never');" before ldap_connect, same thing.

Did anyone manage to make it work?

michael

  • Newbie
  • Posts: 4
Re: LDAPS - Ignore certificate ?
« Reply #1 on: May 20, 2020, 09:35:30 am »
Update to this topic, as I didn't find a solution:
- I exported our local CA root certificate with the format Base-64 encoded X.509 (.CER) and imported it into Nedi
- To do so: copy the file to /usr/local/share/ca-certificates, then run update-ca-certificates
- Reconfigure LDAP to LDAPS (in nedi.conf change the path from ldap:// to ldaps:// and the port from 389 to 636)

rickli

  • Administrator
  • Hero Member
  • Posts: 2893
  • NeDi
Re: LDAPS - Ignore certificate ?
« Reply #2 on: May 25, 2020, 10:04:24 am »
At least you found a way that works and posted it, tx!
I don't do much with LDAP, so I'm relying on others here...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

michael

  • Newbie
  • Posts: 4
Re: LDAPS - Ignore certificate ?
« Reply #3 on: May 25, 2020, 10:06:59 am »
Quote from: rickli on May 25, 2020, 10:04:24 am
    At least you found a way that works and posted it, tx!
    I don't do much with LDAP, so I'm relying on others here...
No problem, I hope that helps  ;)

Sascha

  • Newbie
  • Posts: 1
Re: LDAPS - Ignore certificate ?
« Reply #4 on: August 20, 2020, 03:10:25 pm »
I had the same problem.

Thanks to michael for the solution... it works well as described.
« Last Edit: August 21, 2020, 10:17:13 am by Sascha »

Saguu

  • Newbie
  • Posts: 27
Re: LDAPS - Ignore certificate ?
« Reply #5 on: December 31, 2020, 04:34:41 pm »
Works fine on CentOS 7 but not with Nedian20  :-[

Any ideas?

EDIT: OK, found! Need a .CRT file, not a .CER  :)
« Last Edit: January 01, 2021, 06:49:29 pm by Saguu »
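The two findings in this thread (michael's: drop the AD root CA into /usr/local/share/ca-certificates and run update-ca-certificates; Saguu's: the file has to end in .crt, because update-ca-certificates only scans *.crt) fit together in one small script. The script below is an added example written for this thread; it is not NeDi code and not anything the posters ran. It assumes a Debian/Ubuntu-style CA store, openssl and ldapsearch on the NeDi host, and that the Windows export was either "Base-64 encoded X.509" (PEM) or "DER encoded binary X.509"; the directory variable, function names and the contoso host name are placeholders.

```sh
#!/bin/sh
# Added example (not from the thread or NeDi): stage an AD root CA export for
# update-ca-certificates and verify the LDAPS chain before editing nedi.conf.
# Assumed: Debian/Ubuntu CA layout, openssl and ldapsearch installed.

CA_STORE_DIR="${CA_STORE_DIR:-/usr/local/share/ca-certificates}"

# Return 0 if the file is PEM ("Base-64 encoded X.509"), 1 if it is binary
# DER ("DER encoded binary X.509"), 2 if it is neither.
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        return 0
    fi
    # A DER certificate starts with the ASN.1 SEQUENCE tag 0x30.
    if [ "$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' ')" = "30" ]; then
        return 1
    fi
    return 2
}

# Name the file must have inside the store: update-ca-certificates only picks
# up *.crt, so a .cer/.CER/.pem export is renamed (Saguu's finding above).
store_name() {
    base=$(basename "$1")
    base=${base%.cer}; base=${base%.CER}; base=${base%.pem}; base=${base%.crt}
    printf '%s.crt\n' "$base"
}

# Copy (or DER->PEM convert) the export into the store and rebuild the
# bundle. Needs root; this is michael's step 2 with the format check added.
install_ca() {
    src="$1"
    dest="$CA_STORE_DIR/$(store_name "$src")"
    rc=0; cert_format "$src" || rc=$?
    case $rc in
        0) cp "$src" "$dest" ;;
        1) openssl x509 -inform DER -in "$src" -out "$dest" ;;
        *) echo "unrecognised certificate format: $src" >&2; return 1 ;;
    esac
    update-ca-certificates
}

# Check the chain against the rebuilt system bundle (expect
# "Verify return code: 0 (ok)") and read the rootDSE over ldaps://.
# Use exactly the host name you will put in nedi.conf, since the
# certificate is checked against that name, not against an IP.
verify_ldaps() {
    host="$1"
    openssl s_client -connect "$host:636" -servername "$host" \
        -CAfile /etc/ssl/certs/ca-certificates.crt </dev/null 2>/dev/null \
        | grep 'Verify return code'
    ldapsearch -H "ldaps://$host:636" -x -b '' -s base '(objectclass=*)' namingContexts
}

# Usage: sh ldaps-ca.sh install /tmp/contoso-root.cer
#        sh ldaps-ca.sh verify dc01.contoso.example
case "${1:-}" in
    install) install_ca "$2" ;;
    verify)  verify_ldaps "$2" ;;
esac
```

Run the `verify` step before changing nedi.conf: if openssl reports a verify code other than 0 the CA was not picked up (wrong directory or still a .cer name), and if openssl is fine but ldapsearch fails the problem is on the LDAP side rather than the certificate. A host name that passes here is the one to write into nedi.conf.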

teksupsm

  • Newbie
  • Posts: 1
Re: LDAPS - Ignore certificate ?
« Reply #6 on: January 05, 2021, 05:52:31 pm »
I am having trouble getting LDAP to work. I have the certs available, and an ldapsearch from the command line works specifying the same creds and user, but Nedi does not bind. I get a bind error.

"PHP message: PHP Warning:  ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/nedi/html/inc/libldap.php on line 190" while reading response header from upstream