topic LDAP over SSL authentication not working in Expedition Discussions

LDAP over SSL authentication not working

grenzi — Thu, 29 Nov 2018 11:57:34 GMT

Hello everybody,

I've just installed and updated the Expedition VM and I'm trying to configure LDAP (Active Directory) authentication. It works fine when contacting the domain controller over port tcp/389 without SSL, but it doesn't work if I set SSL (and port tcp/636, of course). The domain controller uses a self signed certificate for the LDAP service. I tryed to import the CA certificate on the Expedition VM at /etc/ssl/cert. but nothing changed. I know that the domain controller is well configured for LDAP over SSL, since I already use this type of authentication for other services, including admin authentication on Palo Alto firewalls. Any suggestion?

Thank you in advance

Re: LDAP over SSL authentication not working

grenzi — Thu, 29 Nov 2018 13:23:18 GMT

Solved by adding

TLS_REQCERT     never

into /etc/ldap/ldap.conf

Hope this helps someone else.

Re: LDAP over SSL authentication not working

bagherib — Thu, 29 Nov 2018 13:34:17 GMT

Excellent, thanks for sharing.

Re: LDAP over SSL authentication not working

sjanita — Wed, 05 Dec 2018 16:17:46 GMT

thank you for posting grenzi

Re: LDAP over SSL authentication not working

Sean_Small — Fri, 25 Mar 2022 15:04:07 GMT

The accepted solution "TLS_REQCERT never" is not really a fix. This only bypasses cert checking. If you are running into this issue it's because your company run's their own root CA and you generated a cert for expedition from it. So you need to put your local cert into the Linux cert store.

Proper fix:

$ sudo cp local-ca.crt /usr/local/share/ca-certificates

$ sudo update-ca-certificates

Re: LDAP over SSL authentication not working

grenzi — Fri, 25 Mar 2022 15:15:54 GMT

@Sean_Small yes, you are right 👍