#1 2017-07-27 05:35:25

lexcorp
Member
Registered: 2014-09-17
Posts: 64

[SOLVED] Unable to start TLS: Can't contact LDAP server

GLPI Version: 9.1.4
Active Directory: Windows Server 2008
Active Directory SSL enabled on port 636

Config LDAP Directory:

Default Server = yes
Active = yes
Server = myldap.local.test.mx
Port = 636
Connection Filter = (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
BaseDN = DC=local,DC=test,DC=mx
RootDN = CN=Administrador,CN=Users,DC=local,DC=test,DC=mx
Password = *****
Login Field = samaccountname
Use TLS = yes

When testing the connection: "Test of Main Server myldap failed."

PHP Warning: ldap_start_tls(): Unable to start TLS: Can't contact LDAP server in D:\wamp64\www\glpi914\inc\authldap.class.php at line 2214

Last edited by lexcorp (2017-07-27 16:27:07)


#2 2017-07-27 06:31:00

Roshan
Member
Registered: 2017-07-26
Posts: 69

Re: [SOLVED] Unable to start TLS: Can't contact LDAP server

Hello,
I don't know about the SSL port, but the default port for LDAP is 389.


#3 2017-07-27 11:23:56

keyser75
Member
Registered: 2016-05-02
Posts: 50

Re: [SOLVED] Unable to start TLS: Can't contact LDAP server

Hi,

Which OS is your GLPI server on? Debian?
I had the same error on Debian 7/8, due to gnutls (version < 3) being incompatible with TLS 1.2.

I had to disable TLS 1.2 in two scripts by adding:

putenv('LDAPTLS_CIPHER_SUITE=NORMAL:!VERS-TLS1.2');

in these two scripts:
/var/www/glpi/inc/auth.class.php, function connection_ldap() - line 217
/var/www/glpi/inc/authldap.class.php, function connectToServer() - line 2203


(GLPI 9.1.6 / FusionInventory 9.1+1.1)


#4 2017-07-27 16:16:40

lexcorp
Member
Registered: 2014-09-17
Posts: 64

Re: [SOLVED] Unable to start TLS: Can't contact LDAP server

Roshan wrote:

Hello,
I don't know about the SSL port, but the default port for LDAP is 389.

Thank you Roshan, for SSL connections the default port for LDAP is 636.

Last edited by lexcorp (2017-07-27 16:18:49)


#5 2017-07-27 16:24:47

lexcorp
Member
Registered: 2014-09-17
Posts: 64

Re: [SOLVED] Unable to start TLS: Can't contact LDAP server

Hello, I have solved it.

In the httpd.conf file I have enabled two modules:

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so

And the following line:

LDAPTrustedGlobalCert CA_BASE64 "C:\openldap\sysconfig\server-ca.cer"

As for the configuration, I have the following:

Default Server = yes
Active = yes
Server = ldaps://myldap.local.test.mx
Port = 636
Connection Filter = (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
BaseDN = DC=local,DC=test,DC=mx
RootDN = CN=Administrador,CN=Users,DC=local,DC=test,DC=mx
Password = *****
Login Field = samaccountname
Use TLS = No

When testing the connection: "Test of Main Server myldap Succesfull."
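
Added example, not part of any post in this thread and not GLPI code: ldap_start_tls() upgrades a plain LDAP session (conventionally port 389), while an ldaps:// URI starts TLS before any LDAP traffic (conventionally port 636). The sketch below rejects settings that mix the two modes and verifies the server certificate against a CA file in either mode. The function names are hypothetical, and it assumes PHP 7.1+ with the ldap extension built against OpenLDAP.

```php
<?php
// Added example; function names are hypothetical, not GLPI's.
// Assumes PHP 7.1+ with the ldap extension built against OpenLDAP.

// Map a server/port/"Use TLS" triple to [uri, startTls], rejecting mixes
// of the two TLS modes. Port 636 as the implicit-TLS port is a convention.
function resolveLdapTransport(string $server, int $port, bool $useTls): array
{
    $isLdaps = stripos($server, 'ldaps://') === 0;
    $host = preg_replace('#^ldaps?://#i', '', $server);
    if ($isLdaps && $useTls) {
        throw new InvalidArgumentException('ldaps:// is already TLS; StartTLS must be off');
    }
    if (!$isLdaps && $useTls && $port === 636) {
        throw new InvalidArgumentException('636 expects a TLS handshake first; StartTLS belongs on 389');
    }
    return [($isLdaps ? 'ldaps' : 'ldap') . "://$host:$port", $useTls];
}

function connectLdap(string $server, int $port, bool $useTls, string $caFile)
{
    [$uri, $startTls] = resolveLdapTransport($server, $port, $useTls);
    // Require a certificate that chains to the given CA, in both modes.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $link = ldap_connect($uri);
    if ($link === false) {
        throw new RuntimeException("invalid LDAP URI: $uri");
    }
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS is LDAPv3-only
    if ($startTls && !ldap_start_tls($link)) {
        throw new RuntimeException('StartTLS failed: ' . ldap_error($link));
    }
    return $link; // caller binds with ldap_bind()
}

// The two settings posted in the thread, checked without touching the network.
$cases = [
    ['myldap.local.test.mx', 636, true],           // post #1
    ['ldaps://myldap.local.test.mx', 636, false],  // post #5
];
foreach ($cases as [$server, $port, $useTls]) {
    try {
        [$uri, $startTls] = resolveLdapTransport($server, $port, $useTls);
        echo "$uri startTLS=" . ($startTls ? 'yes' : 'no') . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "rejected ($server): " . $e->getMessage() . PHP_EOL;
    }
}
```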
