
SSL LDAP Connection Errors

LDAP over SSL was deprecated in favor of TLS some time ago; however, some legacy systems may still need to connect this way.

The most common issue is that the LDAP client attempts to validate the server's SSL certificate. If that certificate is self-signed, validation will most likely fail.

Supporting Self-Signed SSL

On every instance of AuthStack running PHP-FPM, edit the following file:

/etc/ldap/ldap.conf

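Edit the config so that it contains the following two lines. TLS_REQCERT never tells the LDAP client not to request or check the server certificate, and commenting out TLS_CACERT removes the CA bundle it would otherwise validate against, so the connection is encrypted but the server's identity is not verified: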

TLS_REQCERT never
#TLS_CACERT /etc/ssl/certs/ca-certificates.crt

Restart PHP-FPM once the changes are made:

sudo service php5.6-fpm restart

Within the LDAP Connection setup process in AuthStack, ensure you use the following settings, replacing the IP/port as per your installation.

[Image: LDAP Connection settings]

Do not tick the TLS flag.


This should resolve your connection issues. If you still experience issues then contact the Support Team.
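
To confirm what each instance's ldap.conf does with the server certificate after the change, the check below reports the effective TLS_REQCERT level and CA file. It is an added example, not AuthStack code; the sample files are constructed, the path /etc/ssl/certs/ldap-selfsigned.pem is hypothetical, and it assumes that the last uncommented occurrence of an option is the one that matters.

```shell
#!/bin/sh
# Added example (not AuthStack code): report how an ldap.conf treats the
# LDAP server certificate. Assumption: if an option is repeated, the last
# uncommented occurrence is the one reported.

# ldap_conf_value FILE OPTION: print the last uncommented value of OPTION.
ldap_conf_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }               # skip blanks and comments
        toupper($1) == toupper(key) { val = $2 }    # option names: any case
        END { print val }
    ' "$1"
}

# ldap_tls_posture FILE: print "<posture> ca=<path|none>" where posture is
#   disabled  (never)       certificate is not requested or checked
#   lenient   (allow, try)  a missing certificate is tolerated
#   enforced  (demand, hard, or unset: the OpenLDAP default is demand)
ldap_tls_posture() {
    reqcert=$(ldap_conf_value "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    cacert=$(ldap_conf_value "$1" TLS_CACERT)
    case "$reqcert" in
        never)          posture=disabled ;;
        allow|try)      posture=lenient ;;
        demand|hard|"") posture=enforced ;;
        *)              posture=unknown ;;
    esac
    echo "$posture ca=${cacert:-none}"
}

# Constructed sample files: the settings from this article, and a
# hypothetical alternative that trusts the self-signed certificate instead.
tmp=$(mktemp -d)
printf '%s\n' 'TLS_REQCERT never' \
    '#TLS_CACERT /etc/ssl/certs/ca-certificates.crt' > "$tmp/article.conf"
printf '%s\n' 'tls_reqcert demand' \
    'TLS_CACERT /etc/ssl/certs/ldap-selfsigned.pem' > "$tmp/pinned.conf"

for f in "$tmp/article.conf" "$tmp/pinned.conf"; do
    echo "$(basename "$f"): $(ldap_tls_posture "$f")"
done
```

On a real instance, call ldap_tls_posture /etc/ldap/ldap.conf; a result of "disabled ca=none" matches the settings described in this article.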

