LDAP connection using SSL-Encryption problem

Started by alone_k1, August 09, 2018, 06:54:27 AM

I get the following error:


"LDAP bind error (Can't contact LDAP server)"


Trying to use StartTLS to see if it works or not :|

August 11, 2018, 10:30:53 PM #17 Last Edit: August 11, 2018, 10:33:36 PM by alone_k1
Quote from: alone_k1 on August 11, 2018, 08:18:51 PM
Trying to use StartTLS to see if it works or not :|


I followed the following configuration:
https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls

but it doesn't work either :|||


Honestly, OPNsense is full of unpatched bugs

Was SSL transport working prior to the upgrade to 18.7?
If so, there have been some changes in how authentication is configured in the 18.7 release, as noted in the release notes. I think notes on these particular changes should have been towards the top of the notes and in bold to bring better attention to them, but they are there nonetheless.

Check under System -> Administration -> Authentication and ensure you have all your LDAP servers checked, and also select "Local Database" if you want local fallback.

It used to be that you could only select two items, primary and fallback.
Also, there are some slight changes/additions in Secure Shell configuration, as well as Users Configuration, that may need some attention if you're upgrading from 18.1 to 18.7.

Quote from: alone_k1 on August 11, 2018, 08:18:51 PM
Trying to use StartTLS to see if it works or not :|

You should check through all your steps, as I have working SSL and had no issue switching to StartTLS using OPNsense 18.7.

I have been personally using ldaps:// since OPNsense version 15 with no unexpected issues.

Make sure your client URL is supported by your certificate on the server, as the IP and/or URL should be configured in alt names or else it will fail security checks.
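Added example, not posted by anyone in this thread: a Python sketch of the alt-names check described in the post above, testing whether the host in an LDAP URL is covered by the server certificate's subjectAltName entries. The certificate dict uses the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the hostnames, addresses and function names are constructed for illustration, and only SAN entries are checked (no commonName fallback is modelled).

```python
import ipaddress
from urllib.parse import urlparse


def dns_name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive compare; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def url_covered_by_cert(ldap_url: str, cert: dict) -> bool:
    """True if the host part of ldap_url appears in the cert's subjectAltName."""
    host = urlparse(ldap_url).hostname
    if not host:
        raise ValueError(f"no host in {ldap_url!r}")
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP in the client URL needs an IP SAN; a DNS SAN never covers it.
        return any(kind == "IP Address" and ipaddress.ip_address(value.strip()) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and dns_name_matches(value, host)
               for kind, value in sans)


# Constructed sample certificate data (not taken from a real server).
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap.example.test"),),),
    "subjectAltName": (
        ("DNS", "ldap.example.test"),
        ("DNS", "*.dir.example.test"),
        ("IP Address", "192.0.2.10"),
    ),
}

if __name__ == "__main__":
    for url in ("ldaps://ldap.example.test:636", "ldaps://192.0.2.10:636",
                "ldaps://192.0.2.11:636", "ldap://dc1.dir.example.test"):
        print(url, "->", "covered" if url_covered_by_cert(url, SAMPLE_CERT) else "NOT covered")
```

A URL that uses an IP address only passes when that exact address is listed as an IP alt name, which is the case that usually fails when the certificate was issued for the hostname alone.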

Thanks, I'll check the entire process again, as I did it 4-5 times before.

August 12, 2018, 06:12:19 PM #23 Last Edit: August 12, 2018, 06:54:19 PM by alone_k1
Quote from: cordel on August 12, 2018, 06:34:37 AM
Quote from: alone_k1 on August 11, 2018, 08:18:51 PM
Trying to use StartTLS to see if it works or not :|

You should check through all your steps, as I have working SSL and had no issue switching to StartTLS using OPNsense 18.7.

I have been personally using ldaps:// since OPNsense version 15 with no unexpected issues.

Make sure your client URL is supported by your certificate on the server, as the IP and/or URL should be configured in alt names or else it will fail security checks.


cordel, could you check your private messages please? I've sent you a private message asking about speaking directly; I need your help indeed.
Thanks