LDAP connection using SSL-Encryption problem

Started by alone_k1, August 09, 2018, 06:54:27 AM

Respected OPNsense team,
there is a problem when I use LDAP with the SSL-Encryption feature.

According to the following picture, when I try to choose SSL-Encryption from System -> Servers -> Transport:


After adding the certificate that is generated on the LDAP server to the authorities part (System -> Trust -> Authorities), and after adding a user from the LDAP directory and giving it the effective privileges, I tried to log in. The first time I tried it worked correctly, but after restarting configd and logging in from the dashboard I can't log in anymore. When I check the logging section I get the following error:



I tried running the list_ciphers.py file and there isn't any problem with it:


I also checked the SSL connection to the LDAP server using openssl, and there isn't any problem with it either:




I don't know what is wrong; may someone help me? It's very important for me: I'm working in an enterprise-level company and it's necessary to make the connection using SSL-Encryption.
Thanks

Why do you get an error from Tinc when using LDAP for the WebUI???  :o

I don't know. May you guide me to trace the main problem? I can't figure out which code causes the problem, while everything is fine.

Have you restarted the firewall and tried again? I'm quite sure the logs have nothing to do with it.

How is this related to Tutorials or FAQ?
Seems this topic needs to be moved somewhere else.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.


Quote from: mimugmail on August 09, 2018, 10:44:07 AM
Have you restarted the firewall and tried again? I'm quite sure the logs have nothing to do with it.

???

There wasn't any problem till I reset the firewall, and after that I couldn't log in using the LDAP-defined username and password.

OK, and now you are locked out? Or do you have access to the console? Was there no upgrade to 18.7 involved, since something changed there regarding auth?

No, I set the fallback as the local system and I can log in with the root local account, but I need to implement secure LDAP login.
PS: with the default TCP-LDAP mode I can authorize and get access, but as I said, I need to implement it in secure mode.

Just for testing:

Go to the CLI and open /usr/local/etc/openldap/ldap.conf and add

TLS_REQCERT never

to the end.

Perhaps this helps.
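A note on what that test actually tells you, with an added example that is not code from this thread or from OPNsense. TLS_REQCERT never makes the OpenLDAP client skip server-certificate verification entirely, so if the login starts working with it, the failure is in certificate validation (CA not trusted, hostname mismatch, expired cert) rather than in the TLS transport itself; it is a diagnosis, not a fix, and should be reverted afterwards. The script below parses an ldap.conf the way ldap.conf(5) describes (comments ignored, last directive wins), reports the effective TLS_REQCERT level and the findings a reviewer would raise, and produces a hardened file that pins verification to a CA file. The sample config, the CA path /usr/local/etc/ssl/ldap-ca.pem and the helper names are constructed for the example.

```python
"""Audit and harden the TLS settings of an OpenLDAP client ldap.conf (constructed example)."""
import re

# TLS_REQCERT levels as documented in ldap.conf(5); "demand" applies when the directive is absent.
REQCERT_MEANING = {
    "never":  "no certificate requested, nothing verified (a MITM server is accepted)",
    "allow":  "certificate requested, but a missing or bad one is ignored",
    "try":    "missing certificate is accepted, a bad one aborts the session",
    "demand": "certificate required and chain-verified against TLS_CACERT/TLS_CACERTDIR",
    "hard":   "same as demand",
}


def parse_ldap_conf(text):
    """Return the effective directives of an ldap.conf, keys uppercased.

    Comments and blank lines are skipped; a repeated directive's last value wins,
    so a 'TLS_REQCERT never' appended at the end overrides anything above it.
    """
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directives[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return directives


def audit_tls(text):
    """Report the effective TLS_REQCERT level plus the findings a reviewer would raise."""
    d = parse_ldap_conf(text)
    reqcert = d.get("TLS_REQCERT", "demand").lower()
    cacert = d.get("TLS_CACERT")
    cacertdir = d.get("TLS_CACERTDIR")
    findings = []
    if reqcert not in REQCERT_MEANING:
        findings.append("unknown TLS_REQCERT value %r" % reqcert)
    elif reqcert in ("never", "allow"):
        findings.append("TLS_REQCERT %s: %s; acceptable only as a one-off test"
                        % (reqcert, REQCERT_MEANING[reqcert]))
    if reqcert in ("try", "demand", "hard") and not (cacert or cacertdir):
        findings.append("no TLS_CACERT/TLS_CACERTDIR: verification can only succeed if the "
                        "LDAP server's CA is in the system trust store")
    return {"reqcert": reqcert, "cacert": cacert, "cacertdir": cacertdir, "findings": findings}


def harden(text, cacert_path):
    """Return ldap.conf text with verification turned back on and pinned to a CA file.

    Existing TLS_REQCERT / TLS_CACERT lines (commented or not) are dropped and
    re-added at the end, where the last-wins rule makes them effective.
    TLS_CACERTDIR lines are left alone (the \\b stops the pattern at CACERT).
    """
    kept = [l for l in text.splitlines()
            if not re.match(r"\s*#?\s*TLS_(REQCERT|CACERT)\b", l, re.I)]
    kept += ["TLS_REQCERT demand", "TLS_CACERT " + cacert_path]
    return "\n".join(kept) + "\n"


# Constructed sample: the all-commented stock file quoted in this thread with the
# suggested diagnostic line appended at the end.
SAMPLE_DIAGNOSTIC = """\
#
# LDAP Defaults
#
#BASE   dc=example,dc=com
#URI   ldap://ldap.example.com ldap://ldap-master.example.com:666
TLS_REQCERT never
"""

if __name__ == "__main__":
    print("diagnostic file:", audit_tls(SAMPLE_DIAGNOSTIC))
    fixed = harden(SAMPLE_DIAGNOSTIC, "/usr/local/etc/ssl/ldap-ca.pem")  # CA path is an assumption
    print(fixed)
    print("hardened file:", audit_tls(fixed))
```

Running it on the stock, fully commented file yields the default level (demand) with no CA pinned, which is exactly the state in which a certificate from a private LDAP CA fails verification unless that CA is also trusted by the client; the hardened output makes the trust explicit instead of turning verification off.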

Thanks for the answer. How can I trace the main cause of the problem? Is there any detailed log or something related?

Via CLI:

clog -f /var/log/system.log

Then you log in and look for errors.

Does the ldap.conf foo work?

Quote from: alone_k1 on August 09, 2018, 11:09:33 PM
Thanks for the answer. How can I trace the main cause of the problem? Is there any detailed log or something related?
Hi, thanks for the answer.
The ldap.conf file is all commented with #; is this normal?


#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI   ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT   12
#TIMELIMIT   15
#DEREF      never

Yes, just add the line somewhere. On Linux this always works.