Hi Team,
I have been trying to do the LDAP integration with Icingaweb… I have added resources as shown below…
cn=ldap_icinga2 (Useraccount that i made on my AD under ou(users)
Can you please advise if i am doing something wrong?
Hi Team,
I have been trying to do the LDAP integration with Icingaweb… I have added resources as shown below…
cn=ldap_icinga2 (Useraccount that i made on my AD under ou(users)
Can you please advise if i am doing something wrong?
Hi.
Are you sure about ldaps?
Do you probably mean starttls?
If you mean ldaps: Do you mean port 389 oder 636?
I face the same issue, I’m trying to authenticate against LDAPS over 636. i get the same error.
If there anything i’m doing is wrong ?
Hi.
Can you do the request successfully via the commandline, from the server hosting the icingaweb2 instance?
E.g.:
ldapsearch -H ldaps://<your.awesome.ldap.server> \
-p 636 \
-x -W \
-D "<your bind account>" \
-b "<the base dn>"
(respectively the correct arguments)
I slightly edited the command from @homerjay as -p is not supported with -H on my implementation. and added -d8 for more debugging output:
ldapsearch -H ldaps://<your.awesome.ldap.server:636> -x -W -d8 -D "<your bind account>" -b "<the base dn>"
You can add “TLS_REQCERT allow” to your ldap.conf (ubuntu: /etc/ldap/ldap.conf) to ignore wrong certificates. So you can check if its a certificate problem. Also make sure that any ca cert given in config really exists, otherwise there will be no usefull errorcode in the result.
Hello,
Thanks for the help, the issue is now resolved.
My certificates weren’t added, steps i followed were:-
First converted my .der certificate to .pem and then .pem to .crt
openssl x509 -inform der -in my-ca.der -out my-ca.pem
openssl x509 -in my-ca.pem -inform PEM -out my-ca.crt
created another directory /usr/share/ca-certificates/extras
copied my .crt file to /usr/share/ca-certificates/extras
dpkg-reconfigure ca-certificates
selected the certificate and installed it
Finally was able to establish LDAPS connection in resources under systems on Icingaweb console.
Have a good day :-)!
I am still facing the issue… i have tried both Ldaps & starttls… Still facing the issue… & i have tried with both the ports 389 & 636… can you advise on this?
Check if the solution from this thread works for you: