LDAP connection using SSL-Encryption problem

[alone_k1]

Respected OPNSense team,
there is a problem when i use LDAP with SSL-Encryption feature.

according to the following picture :
when i try to choose SSL-Encryption from  System -> Servers -> Transport


and after adding the certificate that is generated on the LDAP Server to the authorities part (System -> Trust -> Authorities); after adding user from the ldap directory and giving it the effective privileges, i tried to login , the first time i tried it work correctly but after restarting configd and login from dashboard i can't login anymore. when i check the logging section i get the following error:



i tried running list_ciphers.py file and there isn't any problem with it:


i also checked the ssl connection with LDAP server using openssl, and there isn't any problem with it either:




i don't know what is wrong , may someone help me. it's very important for me, i'm working in an enterprise-level company and its necessary to make connection using SSL-Encryption.
thanks

[mimugmail]

Why do you get an error from Tinc when using LDAP for WebUI??? 

[alone_k1]

i don't know, may you guide me to trace to the main problem i can't figure out which code causes the problem, while everything is fine

[mimugmail]

Have you restarted the firewall and tried again? I'm quite sure the logs have nothing to do with it

[weust]

How is this related to Tutorial of FAQ?
Seems this topic needs to be moved to somewhere else.

[alone_k1]

is there any idea about this problem?

[mimugmail]

Have you restarted the firewall and tried again? I'm quite sure the logs have nothing to do with it

[alone_k1]

There wasn't any problem till i reset the firewall, and after that i couldn't login using LDAP defined username and password.

[mimugmail]

OK, and now you are locked? Or do you have access to Console? There was no upgrade to 18.7 involved since there changed something regarding auth?

[alone_k1]

no i set fallback as local system and i can login with root local-account, but i need to implement secure LDAP login.
 PS:by default TCP-LDAP mode i can authorize and get access, but as i said, i need to implement in secure mode.

[mimugmail]

Just for testing:

Go to CLI and open /usr/local/etc/openldap/ldap.conf and add

TLS_REQCERT never

to the end.

Perhaps this help.

[alone_k1]

thank for the answer, how i can trace the main cause of problem, any detailed log or something related ?

[mimugmail]

Vial CLI:

clog -f /var/log/system.log

Then you log in and look for errors.

Does the ldap.conf foo work?

[alone_k1]

thank for the answer, how i can trace the main cause of problem, any detailed log or something related ?

hi, thanks for the answer,
ldap.conf file is all commented with #, is this something normal :


#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI   ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT   12
#TIMELIMIT   15
#DEREF      never

[mimugmail]

Yes, just add the line somewhere. On Linux this always works.