OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: CraigPutnam on January 14, 2016, 08:17:47 PM

Title: [SOLVED] Basic troubleshooting for LDAP authentication server
Post by: CraigPutnam on January 14, 2016, 08:17:47 PM
I am setting up OPNsense 15.7.18_1-amd64 (OpenSSL) hosted on ESXi-5.5.0. I am trying to set up an LDAP authentication server against a local Active Directory domain controller. When I click the Select button in the Containers section, I get the informative message: "Could not connect to the LDAP server. Please check your LDAP configuration."

So, my main question is, how in the world do I troubleshoot this? Are there any log files or other tests that could give me more information?
Title: Re: Basic troubleshooting for LDAP authentication server
Post by: weust on January 14, 2016, 09:09:49 PM
Can't help you with logs, but do upgrade to the latest version before continuing any further.

This is how I have set it up, excluding the basic information/settings.
Protocol version: 3
Bind credentials\User DN: domain\serviceaccount
Search scope\Level: One level
Base DN: DC=domain,DC=local
Authentication containers: use Select here. Should work if you got the previous settings filled in correctly.
Extended query: take the default IIRC. Been a while since I set it up.
User naming attribute: samAccountName

That works for me(tm)
Title: Re: Basic troubleshooting for LDAP authentication server
Post by: franco on January 15, 2016, 07:45:50 AM
Hi Craig,

The ldap_bind() call is being muted in the code, that is indeed a bit hard to trace. I will try to improve the error reporting for 15.7.25 out on Monday.


Cheers,
Franco
Title: Re: Basic troubleshooting for LDAP authentication server
Post by: franco on January 15, 2016, 07:54:24 AM
Some more hints may be hidden here... http://php.net/manual/de/function.ldap-bind.php#103034
Title: Re: Basic troubleshooting for LDAP authentication server
Post by: CraigPutnam on January 16, 2016, 03:08:15 AM
Quote: The ldap_bind() call is being muted in the code, that is indeed a bit hard to trace. I will try to improve the error reporting for 15.7.25 out on Monday.

Much appreciated. :) The better the error messages, the faster I can figure out how and why I'm being stupid.

Quote: Can't help you with logs, but do upgrade to the latest version before continuing any further.

Good idea, so I did that. I like the updated menu layout.

I managed to resolve the issue, mostly by poking around and thinking really hard like a bear of very little brain. I had pointed the system to external DNS servers, but I was trying to resolve an internal host... Like I said, very little brain.

Once I pointed to a DNS server that could actually resolve my domain controller, everything worked great. I did notice one UI issue that might cause issues for others. The authentication containers selection window is non-resizeable (at least in IE 11), so if you have more than 7 containers, they spill off the bottom of the window. I resolved it by narrowing the search scope, but users in a complex organization would probably have to resort to typing the container DNs by hand.

Thanks for everyone's help!
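
The root cause in the post above (system resolvers that cannot resolve the internal domain controller, reported only as "Could not connect to the LDAP server") can be told apart from a network problem with a staged check: resolve first, then connect. This is an added example, not part of the original posts or of OPNsense's code; the hostname dc01.domain.local and the function names are hypothetical.

```python
import socket

def configured_resolvers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        parts = line.split()
        # Commented-out entries start with '#' or ';' and are skipped here.
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def diagnose_ldap_endpoint(host, port=389, timeout=3.0):
    """Return (stage, detail); stage is 'dns', 'tcp' or 'ok'."""
    # Stage 1: resolve the name with the system's own resolvers, so an
    # internal name behind external DNS servers fails here, not later.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host}: {exc}")
    # Stage 2: try a TCP connection to every address the name resolved to.
    failures = []
    for family, socktype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            return ("ok", f"{host} -> {sockaddr[0]}, port {port} accepts connections")
        except OSError as exc:
            failures.append(f"{sockaddr[0]}: {exc}")
    return ("tcp", "resolved, but no address accepted a connection: "
            + "; ".join(failures))

if __name__ == "__main__":
    # Hypothetical domain controller name; use the hostname from the LDAP settings.
    stage, detail = diagnose_ldap_endpoint("dc01.domain.local")
    print(stage, "-", detail)
    if stage == "dns":
        # Show which resolvers the system is actually asking.
        try:
            with open("/etc/resolv.conf") as fh:
                print("resolvers in use:", configured_resolvers(fh.read()))
        except OSError as exc:
            print("could not read /etc/resolv.conf:", exc)
```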
Title: Re: [SOLVED] Basic troubleshooting for LDAP authentication server
Post by: franco on January 16, 2016, 10:45:21 AM
Hi Craig,

Glad this worked out ok. I've relaxed the priority for the issue a little, but it's on file: https://github.com/opnsense/core/issues/669

Your suggestion has been filed as well: https://github.com/opnsense/core/issues/673


Cheers,
Franco