Author Topic: LDAP connection using SSL-Encryption problem (Read 1617 times)

alone_k1 · « **Reply #15 on:** August 11, 2018, 07:53:15 am »

i get the following error:

"LDAP bind error (Can't contact LDAP server)"

alone_k1 · « **Reply #16 on:** August 11, 2018, 08:18:51 pm »

trying to use SartTLS to see if it works or nor :|

alone_k1 · « **Reply #17 on:** August 11, 2018, 10:30:53 pm »

Quote from: alone_k1 on August 11, 2018, 08:18:51 pm

trying to use SartTLS to see if it works or nor :|

i followed the following configuration:
https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls

but it dosen't work either :|||

alone_k1 · « **Reply #18 on:** August 12, 2018, 04:13:29 am »

http://s9.picofile.com/d/8334218126/903a6e02-a042-47b6-ae56-f86e4567acf3/ldap.mp4

alone_k1 · « **Reply #19 on:** August 12, 2018, 04:15:03 am »

honesty, OPNSense is full of un-patched bugs

cordel · « **Reply #20 on:** August 12, 2018, 04:24:33 am »

Was using ssl transport working prior to upgrade to 18.7?
If so, there have been some changes in how authentication is configured in 18.7 release as noted in the release notes. I think notes on these particular changes should have been towards the top of the notes and in Bold to bring better attention to them, but they are there none the less.

Check under System -> Administration -> Authentication and insure you have all your LDAP servers checked, and also select "Local Database" if you want local fallback.

Used to be that you could only select two items, primary and fallback.
Also there are some slight changes/additions in Secure Shell configuration, as well as Users Configuration that may need some attention if your upgrading from 18.1 to 18.7.

cordel · « **Reply #21 on:** August 12, 2018, 06:34:37 am »

Quote from: alone_k1 on August 11, 2018, 08:18:51 pm

trying to use SartTLS to see if it works or nor :|

You should check through all your steps, as I have working SSL and had no issue switching to StartTLS using OPNsense 18.7.

I have been personally using ldaps:// since OPNsense version 15 with no unexpected issues.

Make sure your client url is supported by your certificate on the server as the IP and/or url should be configured in alt names or else it will fail security checks.

alone_k1 · « **Reply #22 on:** August 12, 2018, 07:27:35 am »

thanks, i'll check the entire of process again, as i did it for 4-5 times before.

alone_k1 · « **Reply #23 on:** August 12, 2018, 06:12:19 pm »

Quote from: cordel on August 12, 2018, 06:34:37 am

Quote from: alone_k1 on August 11, 2018, 08:18:51 pm
trying to use SartTLS to see if it works or nor :|

You should check through all your steps, as I have working SSL and had no issue switching to StartTLS using OPNsense 18.7.

I have been personally using ldaps:// since OPNsense version 15 with no unexpected issues.

Make sure your client url is supported by your certificate on the server as the IP and/or url should be configured in alt names or else it will fail security checks.

cordel may you check your private messages please? i've sent you a private message asking about direct speaking, i need your help indeed ,
thanks

Author Topic: LDAP connection using SSL-Encryption problem (Read 1617 times)

alone_k1

Re: LDAP connection using SSL-Encryption problem

alone_k1

Re: LDAP connection using SSL-Encryption problem

alone_k1

Re: LDAP connection using SSL-Encryption problem

alone_k1

Re: LDAP connection using SSL-Encryption problem

alone_k1

Re: LDAP connection using SSL-Encryption problem

cordel

Re: LDAP connection using SSL-Encryption problem

cordel

Re: LDAP connection using SSL-Encryption problem

alone_k1

Re: LDAP connection using SSL-Encryption problem

alone_k1

Re: LDAP connection using SSL-Encryption problem