
Messages - snfx79

#1
I have quickly tested it and maybe I have made a mistake configuring it, but the stunnel service doesn't want to start.

In parallel I have tried asking ChatGPT o3 instead of 4o, which has found a solution:
* from the CLI:  certctl rehash

Then I have restarted OPNsense and now my LDAP auth server works again.

Thanks to all.

#2
Hi,

Thanks for your reply and sorry for my late answer, I just got back from holidays.
I'll try your solution when the LDAP option is added.

Regards.

#3
Hi, thanks for your answer.

Actually I don't have the possibility to use LDAPS on port 636, I don't hold the LDAP server, I can only use STARTTLS on port 389.

#4
Hi,

Since I have upgraded to 25.1.9, LDAP auth server authentication fails with:

Error   audit   Could not startTLS on ldap connection [error:0200008A:rsa routines::invalid padding; Connect error]

Additional information:
* Previous working version: 25.1.8
* Backend LDAP server version: 2.5.13+dfsg-5 (Debian bookworm)

Tested from the OPNsense CLI:
* openssl s_client -starttls ldap -connect my_server_fqdn:389

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4197 bytes and written 443 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

* ldapwhoami -H ldap://my_server_fqdn -ZZ -x -v

anonymous
Result: Success (0)

I use self signed certificates on my ldap server with:

    Signature Algorithm: sha512WithRSAEncryption
    Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)

Thanks in advance,
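The two CLI checks in post #4 exercise the same exchange: the client sends an LDAP StartTLS extended request (OID 1.3.6.1.4.1.1466.20037), the server answers with an extended response, and only then does the TLS handshake and certificate verification happen. The script below is an added example, not code from the thread, from OPNsense or from OpenLDAP: it encodes the request, parses the response (including the refusal and responseName variants), and upgrades the socket with a verifying context. The host name my_server_fqdn is the placeholder from the post, and the CA file path is assumed to be whatever the reader trusts; with no CA file it falls back to the system trust store, which on FreeBSD is the hashed /etc/ssl/certs directory that certctl rehash rebuilds.

```python
"""StartTLS over LDAP (RFC 4511 section 4.14): build the ExtendedRequest,
parse the ExtendedResponse, then upgrade the socket with a verifying TLS
context. Added example, not OPNsense or OpenLDAP code."""
import socket
import ssl
from typing import Optional

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # RFC 4511 StartTLS requestName


def _tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV with definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _int(v: int) -> bytes:
    """BER INTEGER with the minimal two's-complement encoding."""
    return _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))


def _read_tlv(buf: bytes, pos: int):
    """Decode one BER TLV at pos; returns (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    ext_req = _tlv(0x77, _tlv(0x80, STARTTLS_OID))   # 0x77 = APPLICATION 23, constructed
    return _tlv(0x30, _int(message_id) + ext_req)


def parse_starttls_response(data: bytes) -> dict:
    """Parse LDAPMessage { messageID, ExtendedResponse [APPLICATION 24] } and
    return the LDAPResult fields plus the optional responseName [10]."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x78:                                   # APPLICATION 24, constructed
        raise ValueError(f"expected ExtendedResponse, got tag 0x{tag:02x}")
    _, rc, pos = _read_tlv(op, 0)                     # resultCode ENUMERATED
    _, _matched_dn, pos = _read_tlv(op, pos)          # matchedDN
    _, diag, pos = _read_tlv(op, pos)                 # diagnosticMessage
    response_name = None
    while pos < len(op):                              # referral [3], responseName [10], responseValue [11]
        tag, val, pos = _read_tlv(op, pos)
        if tag == 0x8A:
            response_name = val.decode("ascii")
    return {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "result_code": int.from_bytes(rc, "big"),
        "diagnostic": diag.decode("utf-8", "replace"),
        "response_name": response_name,
    }


def starttls_connect(host: str, port: int = 389, cafile: Optional[str] = None,
                     timeout: float = 5.0):
    """Network helper (not exercised offline): send StartTLS, check the server
    accepted it, then wrap the socket with a context that verifies the chain
    and the hostname. cafile=None means the system trust store; a missing or
    unhashed CA there surfaces as ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context(cafile=cafile)
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        raw.sendall(build_starttls_request(1))
        resp = parse_starttls_response(raw.recv(4096))   # the response is a few dozen bytes
        if resp["result_code"] != 0:
            raise RuntimeError(f"StartTLS refused: {resp['result_code']} {resp['diagnostic']}")
        tls = ctx.wrap_socket(raw, server_hostname=host)  # TLS handshake + certificate check
    except Exception:
        raw.close()
        raise
    with tls:
        return tls.version(), tls.getpeercert()["subject"]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "my_server_fqdn"   # placeholder from the post
    print(starttls_connect(target, cafile=sys.argv[2] if len(sys.argv) > 2 else None))
```

Run it as `python3 starttls_check.py my_server_fqdn /path/to/ca.pem`: a verification failure here, with the same CA file that ldapwhoami -ZZ uses, isolates the trust-store side from the LDAP side, which is exactly the split the openssl s_client output in the post ("Verification: OK") was used to establish.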