Hello freaks,
I’m not a Linux insider, but I have successfully installed Icinga2 and icingaweb2 and everything is going great.
In my company we want to make our systems more secure, so I switched icingaweb2 to https. This also works great. However, I have big problems with the authentication via LDAP. LDAP itself works fine, but not LDAPS.
What am I doing wrong?
I’m using Debian 11 without a GUI. (Icinga r2.13.1-1, php 7.4.21)
authentication.ini:
[ad_user]
backend = "msldap"
resource = "active_directory"
filter = "! (objectClass = computer)"
base_dn = "DC=xx,DC=yy,DC=zz"
[active_directory]
type = "ldap"
hostname = "server.xx.yy.zz"
port = "389"
encryption = "none"
root_dn = "DC=xx,DC=yy,DC=zz"
bind_dn = "CN=Monitoring,OU=servies,OU=location,DC=xx,DC=yy,DC=zz"
bind_pw = "password"
timeout = "5"
This works great, but with the following changes it no longer does:
port = "636"
encryption = "LDAPS"
The certificates for our CAs are successfully installed in /etc/ssl/certs (c_rehash) …
The following error occurs during the connection test in the Icingaweb2 web interface:
Connect using LDAPS
NOTE: There might be an issue with the chosen encryption. Ensure that the LDAP server supports LDAPS and that the LDAP client is configured to accept its certificate.
LDAP bind (CN=Monitoring,OU=servies,OU=location,DC=xx,DC=yy,DC=zz / ***) to ldaps://server.xx.yy.zz:636 failed: Can't contact LDAP server.
Note:
it works great on CentOS, but that OS is not an option.
I am thankful for any help…
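
The connection test above reports only "Can't contact LDAP server", which does not say whether the port, the TLS handshake or the certificate check is failing. The following is an added example, not part of the original post and not Icinga code: a Python 3 sketch that tests each stage separately against the CA directory named in the post. The function name `check_ldaps` is hypothetical and the host name is the placeholder from the post.

```python
import socket
import ssl


def check_ldaps(host, port=636, capath="/etc/ssl/certs", timeout=5.0):
    """Return (stage, detail) for the first step of an LDAPS connection that fails.

    check_ldaps is a hypothetical helper name, not part of Icinga Web 2.
    """
    # Stage 1: is the LDAPS port reachable at all (DNS, firewall, listener)?
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"cannot reach {host}:{port}: {exc}")

    # Stage 2: TLS handshake, trusting only the CA directory under test.
    # PROTOCOL_TLS_CLIENT enables chain and hostname verification.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(capath=capath)
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except ssl.SSLCertVerificationError as exc:
        raw.close()
        # Untrusted issuer, expired certificate or name mismatch.
        return ("verify", exc.verify_message)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        raw.close()
        return ("tls", f"handshake failed: {exc}")

    with tls:
        cert = tls.getpeercert()
        return ("ok", f"{tls.version()}, certificate valid until {cert['notAfter']}")


if __name__ == "__main__":
    # Placeholder host name as it appears in the post.
    print(check_ldaps("server.xx.yy.zz"))
```

A result of `ok` here while the Icinga Web 2 test still fails means the server certificate verifies against `/etc/ssl/certs`, so the difference lies in the trust settings of the LDAP client library that PHP uses rather than in the server or the CA files.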