Dear all,
When trying to auth GLPI to the DC over LDAPS port 636 I just get "test failed". When we used regular LDAP it worked fine.
Are there any additional steps I am not seeing?
Connection filter: (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
RootDN format: username@domain.local
Last edited by quotum (2022-11-08 17:41:48)
We have the same issue on GLPI 10.0.3.
We have configured an LDAP directory on Active Directory server ad1.<our_domain>.com on port 636, with TLS activated in Advanced Informations.
1- The authentication works fine with unencrypted LDAP on port 389.
2- A Linux ldapsearch command to ldaps://ad1.<our_domain>.com works fine with the same baseDN, BindDN and password as the GLPI config above and the "TLS_REQCERT allow" directive in /etc/ldap/ldap.conf.
3- Other web applications use the same LDAPS authentication without any problem.
It proves that our internal SSL authorities are valid.
But the Test button gives : Error, Having troubles setting up an advanced GLPI module?
We can help you solve them. Sign up for support on https://services.glpi-network.com/.
I could not find any log in php-errors.log or any other file, even with debug mode activated, which does not help to figure out what's happening.
I used LDAPS on GLPI version 9 without any problem in the past.
Can somebody help?
Or at least tell us how we could get more explicit logs (just like the verbose mode of ldapsearch) than the error message above?
Thanks
GLPI 10.0.6 with GLPI Inventory 1.1.0 on Debian bullseye
I just understood it:
TLS option in Advanced Informations is for StartTLS.
If your LDAP server is able to answer both kinds, LDAPS and LDAP+StartTLS, then the 2 possible configurations in GLPI are:
1- LDAPS: ldaps://<fqdn> port 636 with option TLS disabled
or
2- LDAP+StartTLS: ldap://<fqdn> port 389, option TLS enabled
GLPI 10.0.6 with GLPI Inventory 1.1.0 on Debian bullseye
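To get the verbose output asked for earlier and to try both configurations from the GLPI host, here is an added example (not from this thread or the GLPI code base) that uses PHP's ldap extension, the same extension GLPI relies on. The host name, CA file path, bind account and the LDAP_BIND_PW environment variable are placeholders to replace with your own values.

```php
<?php
// Added diagnostic, not GLPI code. Host, CA path, bind DN and the LDAP_BIND_PW
// environment variable are placeholders/assumptions; substitute your own.
$host   = 'ad1.example.com';
$caFile = '/etc/ssl/certs/internal-ca.pem';
$bindDn = 'username@domain.local';
$bindPw = getenv('LDAP_BIND_PW') ?: '';
if ($bindPw === '') {
    // An empty password becomes an unauthenticated bind and could report a false OK.
    fwrite(STDERR, "Set LDAP_BIND_PW first\n");
    exit(1);
}
// Process-wide options: libldap trace on stderr (the verbose output GLPI does
// not show) and strict verification of the server certificate against $caFile.
ldap_set_option(null, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);

function probe(string $uri, bool $startTls, string $dn, string $pw): string
{
    $ds = ldap_connect($uri);   // parses the URI only; no network traffic yet
    if ($ds === false) {
        return 'invalid URI';
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);
    $step = 'StartTLS';
    $ok   = $startTls ? @ldap_start_tls($ds) : true;
    if ($ok) {
        $step = 'bind';
        $ok   = @ldap_bind($ds, $dn, $pw);
    }
    if ($ok) {
        return 'OK';
    }
    $detail = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    return sprintf('%s failed: %s (%s)', $step, ldap_error($ds), $detail ?: 'no detail');
}

$cases = [  // label, URI, send StartTLS?
    ['LDAPS, TLS option off',          "ldaps://$host:636", false],
    ['LDAP + StartTLS, TLS option on', "ldap://$host:389",  true],
    ['LDAPS with TLS option on',       "ldaps://$host:636", true],  // reported as failing above
];
foreach ($cases as [$label, $uri, $startTls]) {
    printf("%-32s %s\n", $label, probe($uri, $startTls, $bindDn, $bindPw));
}
```

Run it with the PHP CLI on the GLPI server. A certificate error here while ldapsearch succeeds is expected when ldap.conf contains "TLS_REQCERT allow", because that setting lets the session continue even if the server certificate does not verify.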
Hello,
I'm having "the same problem", I can't get ldaps to work and the documentation information is not complete, and there's no error log so I don't know what to look for.
I have the server set up with ldaps://+server, port 636 (validated with telnet).
I used TLS=no.
I think the problem is with the TLS Certfile and TLS Keyfile. How can I validate them?
Thank you.
Hello, I had the same problem and I solved it by placing the certificates that I use in the Apache where GLPI runs.
Hello,
Any idea how to do it with Windows IIS?
Hi,
Can you share your Apache config?