LDAP connection using SSL-Encryption problem

Started by alone_k1, August 09, 2018, 06:54:27 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
August 09, 2018, 06:54:27 AM
Respected OPNSense team,
there is a problem when i use LDAP with SSL-Encryption feature.

according to the following picture :
when i try to choose SSL-Encryption from  System -> Servers -> Transport


and after adding the certificate that is generated on the LDAP Server to the authorities part (System -> Trust -> Authorities); after adding user from the ldap directory and giving it the effective privileges, i tried to login , the first time i tried it work correctly but after restarting configd and login from dashboard i can't login anymore. when i check the logging section i get the following error:



i tried running list_ciphers.py file and there isn't any problem with it:


i also checked the ssl connection with LDAP server using openssl, and there isn't any problem with it either:




i don't know what is wrong , may someone help me. it's very important for me, i'm working in an enterprise-level company and its necessary to make connection using SSL-Encryption.
thanks
August 09, 2018, 09:15:36 AM #1
Why do you get an error from Tinc when using LDAP for WebUI???  :o
August 09, 2018, 09:58:04 AM #2
i don't know, may you guide me to trace to the main problem i can't figure out which code causes the problem, while everything is fine
August 09, 2018, 10:44:07 AM #3
Have you restarted the firewall and tried again? I'm quite sure the logs have nothing to do with it
August 09, 2018, 10:57:34 AM #4
How is this related to Tutorial of FAQ?
Seems this topic needs to be moved to somewhere else.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
August 09, 2018, 04:17:56 PM #5
is there any idea about this problem?
August 09, 2018, 04:34:47 PM #6
Quote from: mimugmail on August 09, 2018, 10:44:07 AM
Have you restarted the firewall and tried again? I'm quite sure the logs have nothing to do with it

???
August 09, 2018, 05:18:50 PM #7
There wasn't any problem till i reset the firewall, and after that i couldn't login using LDAP defined username and password.
August 09, 2018, 05:35:02 PM #8
OK, and now you are locked? Or do you have access to Console? There was no upgrade to 18.7 involved since there changed something regarding auth?
August 09, 2018, 09:55:51 PM #9
no i set fallback as local system and i can login with root local-account, but i need to implement secure LDAP login.
PS:by default TCP-LDAP mode i can authorize and get access, but as i said, i need to implement in secure mode.
August 09, 2018, 10:11:03 PM #10
Just for testing:

Go to CLI and open /usr/local/etc/openldap/ldap.conf and add

TLS_REQCERT never

to the end.

Perhaps this help.
August 09, 2018, 11:09:33 PM #11
thank for the answer, how i can trace the main cause of problem, any detailed log or something related ?
August 10, 2018, 07:58:42 AM #12
Vial CLI:

clog -f /var/log/system.log

Then you log in and look for errors.

Does the ldap.conf foo work?
August 11, 2018, 06:32:56 AM #13
Quote from: alone_k1 on August 09, 2018, 11:09:33 PM
thank for the answer, how i can trace the main cause of problem, any detailed log or something related ?
hi, thanks for the answer,
ldap.conf file is all commented with #, is this something normal :


#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI   ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT   12
#TIMELIMIT   15
#DEREF      never
August 11, 2018, 06:47:39 AM #14
Yes, just add the line somewhere. On Linux this always works.
Print
Go Up Pages1 2
User actions