Author Topic: LDAP connection using SSL-Encryption problem  (Read 7973 times)

alone_k1

« on: August 09, 2018, 06:54:27 am »
Respected OPNsense team,
There is a problem when I use LDAP with the SSL-Encryption feature.

According to the following picture, when I try to choose SSL-Encryption from System -> Servers -> Transport:

After adding the certificate that was generated on the LDAP server to the authorities part (System -> Trust -> Authorities), adding a user from the LDAP directory and giving it the effective privileges, I tried to log in. The first time I tried, it worked correctly, but after restarting configd and logging in from the dashboard I can't log in anymore. When I check the logging section I get the following error:

I tried running the list_ciphers.py file and there isn't any problem with it:

I also checked the SSL connection with the LDAP server using openssl, and there isn't any problem with it either:

I don't know what is wrong; could someone help me? It's very important for me. I'm working in an enterprise-level company and it's necessary to make the connection using SSL-Encryption.
Thanks

mimugmail

Re: LDAP connection using SSL-Encryption problem
« Reply #1 on: August 09, 2018, 09:15:36 am »
Why do you get an error from Tinc when using LDAP for WebUI???  :o
Twitter: mimu_muc
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

alone_k1

Re: LDAP connection using SSL-Encryption problem
« Reply #2 on: August 09, 2018, 09:58:04 am »
I don't know. Could you guide me to trace the main problem? I can't figure out which code causes the problem, while everything is fine.

mimugmail

Re: LDAP connection using SSL-Encryption problem
« Reply #3 on: August 09, 2018, 10:44:07 am »
Have you restarted the firewall and tried again? I'm quite sure the logs have nothing to do with it

weust

Re: LDAP connection using SSL-Encryption problem
« Reply #4 on: August 09, 2018, 10:57:34 am »
How is this related to Tutorial of FAQ?
Seems this topic needs to be moved to somewhere else.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.

alone_k1

Re: LDAP connection using SSL-Encryption problem
« Reply #5 on: August 09, 2018, 04:17:56 pm »
Is there any idea about this problem?

mimugmail

Re: LDAP connection using SSL-Encryption problem
« Reply #6 on: August 09, 2018, 04:34:47 pm »
Quote from: mimugmail on August 09, 2018, 10:44:07 am
Have you restarted the firewall and tried again? I'm quite sure the logs have nothing to do with it

???

alone_k1

Re: LDAP connection using SSL-Encryption problem
« Reply #7 on: August 09, 2018, 05:18:50 pm »
There wasn't any problem till I reset the firewall, and after that I couldn't log in using the LDAP-defined username and password.

mimugmail

Re: LDAP connection using SSL-Encryption problem
« Reply #8 on: August 09, 2018, 05:35:02 pm »
OK, and now you are locked out? Or do you have access to the console? There was no upgrade to 18.7 involved, since something changed there regarding auth?

alone_k1

Re: LDAP connection using SSL-Encryption problem
« Reply #9 on: August 09, 2018, 09:55:51 pm »
No, I set the fallback to the local system and I can log in with the local root account, but I need to implement secure LDAP login.
PS: With the default TCP-LDAP mode I can authorize and get access, but as I said, I need to implement it in secure mode.

mimugmail

Re: LDAP connection using SSL-Encryption problem
« Reply #10 on: August 09, 2018, 10:11:03 pm »
Just for testing:

Go to CLI and open /usr/local/etc/openldap/ldap.conf and add

TLS_REQCERT never

to the end.

Perhaps this helps.
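An added example, not part of the thread and not OPNsense code: a check of which certificate-verification level a client ldap.conf sets, for use after a test with the `TLS_REQCERT never` line from Reply #10 (with `never` the client does not request or check the server certificate; `demand` is the documented default). The function names and result labels are hypothetical, the sample files are constructed, and it assumes the last occurrence of a keyword takes effect; it reads only the one file, not ldaprc files or `LDAPTLS_*` environment variables.

```sh
#!/bin/sh
# Added example, not from the thread: report the certificate-verification
# level that an OpenLDAP client ldap.conf sets for TLS/LDAPS connections.

# Print the value of one keyword, skipping comment and blank lines.
# Keywords are case-insensitive; assumption: the last occurrence wins.
ldapconf_get() {    # $1 = file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        toupper($1) == toupper(key) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Classify one file (hypothetical labels):
#   verify-ok     certificate required and a CA source is configured
#   verify-no-ca  certificate required, no TLS_CACERT/TLS_CACERTDIR in file
#   verify-weak   TLS_REQCERT try: a missing certificate is accepted
#   verify-off    TLS_REQCERT never/allow: a bad certificate is accepted
audit_ldapconf() {
    level=$(ldapconf_get "$1" TLS_REQCERT | tr '[:upper:]' '[:lower:]')
    ca=$(ldapconf_get "$1" TLS_CACERT)
    cadir=$(ldapconf_get "$1" TLS_CACERTDIR)
    case "${level:-demand}" in          # demand is the documented default
        never|allow) echo verify-off ;;
        try)         echo verify-weak ;;
        demand|hard)
            if [ -n "$ca" ] || [ -n "$cadir" ]; then
                echo verify-ok
            else
                echo verify-no-ca
            fi ;;
        *)           echo "unknown:$level" ;;
    esac
}

# Constructed sample files: the test line from the thread and a verifying
# setup (the CA path is a placeholder).
tmp=$(mktemp -d)
printf '#DEREF never\nTLS_REQCERT never\n' > "$tmp/test.conf"
printf 'TLS_CACERT /path/to/ca.pem\nTLS_REQCERT demand\n' > "$tmp/strict.conf"
for f in "$tmp/test.conf" "$tmp/strict.conf"; do
    echo "${f##*/}: $(audit_ldapconf "$f")"
done
```

A file in which every line is commented out, like the one posted in Reply #13, classifies as `verify-no-ca`: the default level applies and the CA has to come from somewhere other than this file.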

alone_k1

Re: LDAP connection using SSL-Encryption problem
« Reply #11 on: August 09, 2018, 11:09:33 pm »
Thanks for the answer. How can I trace the main cause of the problem? Is there any detailed log or something related?

mimugmail

Re: LDAP connection using SSL-Encryption problem
« Reply #12 on: August 10, 2018, 07:58:42 am »
Via CLI:

clog -f /var/log/system.log

Then you log in and look for errors.

Does the ldap.conf foo work?

alone_k1

Re: LDAP connection using SSL-Encryption problem
« Reply #13 on: August 11, 2018, 06:32:56 am »
Quote from: alone_k1 on August 09, 2018, 11:09:33 pm
Thanks for the answer. How can I trace the main cause of the problem? Is there any detailed log or something related?

Hi, thanks for the answer.
The ldap.conf file is all commented out with #. Is this something normal?

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI   ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT   12
#TIMELIMIT   15
#DEREF      never

mimugmail

Re: LDAP connection using SSL-Encryption problem
« Reply #14 on: August 11, 2018, 06:47:39 am »
Yes, just add the line somewhere. On Linux this always works.