Details
Type: Bug
Status: Engineering Closed
Priority: Low
Resolution: Behaves as Intended
Affects Version/s: None
Fix Version/s: N/A
Component/s: Certificates
Labels:
Impact: Low
Description
Commandline:
Managed to get an LDAPS connection working and verifying when using:
openssl s_client -connect domain.tld:636 -CAfile /etc/certificates/cert.crt
and verified the cert using:
openssl verify -CAfile /etc/certificates/CA/CA.crt /etc/certificates/cert.crt
/etc/certificates/cert.crt: OK
Directory Services LDAP:
I use a kerberos principal to authenticate (Same as using for AD). Without encryption ON, LDAP works.
With encryption ON and selecting the certificate, as visible on the screenshot, I get an error.
Certificate-based authentication is not supported by remote LDAP server: Authentication method not supported: 00002027: LdapErr: DSID-0C0905ED, comment: Invalid Authentication method, data 0, v4563.
Google did not help, nor for the LdapErr: DSID-0C0905ED or data 0, v4563.
Directory Services Active Directory:
Using that same certificate in Active Directory with Encryption Mode ON, it seems to be working. No errors after saving the AD config and when rebuilding the DIRECTORY SERVICE CACHE. Also using the same Kerberos Principal here.
Certificate-based authentication is, as far as I know, not something you have to enable on the LDAP server. It should just work, because the ADs are also able to connect to each other using LDAPS.
What am I missing? Or what could be the issue?
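An added example, not part of this issue and not the product's own code: the openssl commands above only prove the TLS layer (server chain and the client certificate file). "Certificate-based authentication" over LDAP is a separate step, an LDAP BindRequest using the SASL EXTERNAL mechanism (RFC 4511 / RFC 4422), where the client sends no credentials and the server is expected to take the identity from the TLS client certificate. The script below builds that bind by hand with the Python standard library, sends it over LDAPS with a client certificate, and decodes the BindResponse so the resultCode can be read directly: 7 is authMethodNotSupported in RFC 4511, which matches the "Authentication method not supported" text quoted above, while 49 (invalidCredentials) would mean the mechanism was accepted but the certificate did not map to an account. The hostname, port and certificate paths on the command line are hypothetical placeholders; the encoder and decoder themselves need no network and can be exercised offline.

```python
"""Hand-built LDAP bind requests over LDAPS (RFC 4511 BER encoding), stdlib only."""
import socket
import ssl
import sys

# LDAP resultCode values from RFC 4511, section 4.1.9 (subset relevant to binds)
RESULT_CODES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    49: "invalidCredentials",
}


def _ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _ber_len(len(body)) + body


def _int(value, tag=0x02):
    """INTEGER (0x02) or ENUMERATED (0x0A): two's-complement, minimal length."""
    return _tlv(tag, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def bind_request(message_id, dn="", password=None, sasl_mechanism=None):
    """LDAPMessage carrying a BindRequest ([APPLICATION 0], tag 0x60).

    simple bind:  authentication = [0] OCTET STRING (the password)          -> what "encryption off" sends
    SASL bind:    authentication = [3] SaslCredentials { mechanism, creds }  -> EXTERNAL has no creds;
                  the identity is the TLS client certificate from the handshake.
    """
    if sasl_mechanism is not None:
        auth = _tlv(0xA3, _tlv(0x04, sasl_mechanism.encode()))
    else:
        auth = _tlv(0x80, (password or "").encode())
    bind = _tlv(0x60, _int(3) + _tlv(0x04, dn.encode()) + auth)  # LDAP version 3
    return _tlv(0x30, _int(message_id) + bind)


def bind_response(message_id, result_code, diagnostic="", matched_dn=""):
    """LDAPMessage carrying a BindResponse ([APPLICATION 1], tag 0x61); used to build offline test vectors."""
    body = _int(result_code, 0x0A) + _tlv(0x04, matched_dn.encode()) + _tlv(0x04, diagnostic.encode())
    return _tlv(0x30, _int(message_id) + _tlv(0x61, body))


def _read_tlv(buf, pos=0):
    """Decode one BER tag/length/value at pos; return (tag, value, position after it)."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(msg):
    """Return (message_id, result_code, diagnostic_message) from a BindResponse LDAPMessage."""
    tag, body, _ = _read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, mid, pos = _read_tlv(body)
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x61:
        raise ValueError("protocolOp is not a BindResponse (tag 0x%02x)" % tag)
    _, rc, pos = _read_tlv(op)             # resultCode ENUMERATED
    _, _matched, pos = _read_tlv(op, pos)  # matchedDN
    _, diag, _ = _read_tlv(op, pos)        # diagnosticMessage (AD puts the LdapErr text here)
    return (int.from_bytes(mid, "big", signed=True),
            int.from_bytes(rc, "big", signed=True),
            diag.decode("utf-8", errors="replace"))


def describe(result_code):
    return RESULT_CODES.get(result_code, "resultCode %d" % result_code)


def sasl_external_bind(host, port, cafile, certfile, keyfile, timeout=10):
    """Open LDAPS with a client certificate and attempt a SASL EXTERNAL bind (needs network)."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies the server chain, like openssl -CAfile
    ctx.load_cert_chain(certfile, keyfile)            # client certificate offered in the handshake
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(bind_request(1, sasl_mechanism="EXTERNAL"))
            data = tls.recv(4096)                     # a BindResponse is far smaller than this
    return parse_bind_response(data)


if __name__ == "__main__":
    # Hypothetical arguments: host, CA file, client cert, client key (port 636 assumed).
    host, cafile, cert, key = sys.argv[1:5]
    mid, code, diag = sasl_external_bind(host, 636, cafile, cert, key)
    print("bind result: %s (%d) %s" % (describe(code), code, diag))
```

Run it as `python3 ldap_bind.py domain.tld /etc/certificates/CA/CA.crt client.crt client.key` against the server in question; a resultCode of 7 from a SASL EXTERNAL bind tells you the directory rejected the mechanism itself before looking at the certificate, which is a different failure from a chain problem (the TLS handshake would fail first) or from an unmapped certificate (resultCode 49).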