[Solved?] OPNsense 19.7.3 LDAP StartTLS/SSL

Started by hbc, March 11, 2019, 12:27:28 PM

March 11, 2019, 12:27:28 PM Last Edit: March 11, 2019, 01:00:22 PM by hbc
Anybody else having issues with ldap as authentication server and using encrypted connections?

I made the update to 19.7.3 this morning, and LDAP with StartTLS had worked before. After the upgrade no authentication was possible any more. I also tried SSL, but neither works.

Changelog:
Quote: system: improve LDAPS mode and related authentication cleanups

Quote: opnsense: Could not startTLS on ldap connection [error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get issuer certificate),Connect error]

Edit:
Changed from StartTLS to SSL and vice versa. Changed hostnames of ldap from subjectAlternative to main and back. Everything configured like before.

I do not know why, but now it works again. Very strange. All certificates in the chain had been imported. Otherwise I would say a cache was deleted during the upgrade and the certificates were just fetched by a cron job during my tests.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
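The message in the post, "unable to get issuer certificate", is OpenSSL's X.509 verify error 2, and it is a different failure from error 20, "unable to get local issuer certificate". Error 20 means the verifier could not find the issuer of the server certificate at all; error 2 means it found part of the chain in the trust store but not the certificate above that, which in practice is the root (the trust anchor) missing even though an intermediate was imported. The script below is an added example, not code from the thread or from the OPNsense project: it builds a throwaway root -> intermediate -> server chain with openssl (all names, such as "Example Root CA" and ldap.example.test, are constructed) and runs `openssl verify` against three sets of trust material so that both failure modes and the working case can be seen side by side.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce the two "issuer" failures
# openssl reports when a certificate chain cannot be completed, and the
# working case where root and intermediate are both available.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Minimal openssl config: a DN section so 'req' is satisfied, plus the
# extension sections used for the CA and server certificates.
# All names here are constructed for the example.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[srv_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:ldap.example.test
EOF

# Build root -> intermediate -> server with throwaway RSA-2048 keys.
make_chain() (
  cd "$WORK"
  openssl req -x509 -config req.cnf -extensions ca_ext -newkey rsa:2048 -nodes \
    -keyout root.key -out root.pem -subj '/CN=Example Root CA' -days 30 >/dev/null 2>&1
  openssl req -new -config req.cnf -newkey rsa:2048 -nodes \
    -keyout intermediate.key -out intermediate.csr \
    -subj '/CN=Example Intermediate CA' >/dev/null 2>&1
  openssl x509 -req -in intermediate.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile req.cnf -extensions ca_ext -days 30 -out intermediate.pem >/dev/null 2>&1
  openssl req -new -config req.cnf -newkey rsa:2048 -nodes \
    -keyout server.key -out server.csr -subj '/CN=ldap.example.test' >/dev/null 2>&1
  openssl x509 -req -in server.csr -CA intermediate.pem -CAkey intermediate.key \
    -CAcreateserial -extfile req.cnf -extensions srv_ext -days 30 \
    -out server.pem >/dev/null 2>&1
)

# Verify the server certificate with the given trust options and return
# openssl's diagnostics on stdout (errors go to stderr, so merge them).
# Never aborts the script, so the caller can inspect the text.
verify_with() {
  openssl verify "$@" "$WORK/server.pem" 2>&1 || true
}

make_chain

echo '--- trust store: root only (intermediate not supplied anywhere)'
echo '    expect error 20, unable to get local issuer certificate'
verify_with -CAfile "$WORK/root.pem"

echo '--- trust store: intermediate only (root missing)'
echo '    expect error 2, unable to get issuer certificate: the error in the thread'
verify_with -CAfile "$WORK/intermediate.pem"

echo '--- trust store: root, intermediate supplied as chain material'
echo '    expect OK'
verify_with -CAfile "$WORK/root.pem" -untrusted "$WORK/intermediate.pem"
```

The practical check when an LDAP StartTLS/LDAPS client reports error 2 is therefore not only "is the intermediate imported?" but "is the self-signed root of that intermediate in the trust store as well?", since OpenSSL does not accept an imported intermediate as a trust anchor unless partial-chain verification is explicitly enabled.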

Worst case it required a reboot, best case a reconfigure, as we don't do that automatically on upgrade. Some files were moved and function calls replaced.


Cheers,
Franco