  1. TrueNAS
  2. NAS-106922

LDAPS certificate error


    Details

    • Impact:
      Low

      Description

      Commandline:

      Managed to get an LDAPS connection working and verifying when using:

      openssl s_client -connect domain.tld:636 -CAfile /etc/certificates/cert.crt

      and verified the cert using:

      openssl verify -CAfile /etc/certificates/CA/CA.crt /etc/certificates/cert.crt
      /etc/certificates/cert.crt: OK

      Directory Services LDAP:

      I use a Kerberos principal to authenticate (same as I use for AD). Without encryption ON, LDAP works.
      With encryption ON and the certificate selected, as visible in the screenshot, I get an error:
      Certificate-based authentication is not supported by remote LDAP server: Authentication method not supported: 00002027: LdapErr: DSID-0C0905ED, comment: Invalid Authentication method, data 0, v4563.
      Google did not help, neither for the LdapErr: DSID-0C0905ED nor for data 0, v4563.

      Directory Services Active Directory:
      Using that same certificate in Active Directory with Encryption Mode ON, it seems to be working. No errors after saving the AD config and when rebuilding the DIRECTORY SERVICE CACHE. Also using the same Kerberos principal here.

      Certificate-based authentication is, as far as I know, not something you have to enable on the LDAP server. It should just work because the ADs are also able to connect to each other using LDAPS.

      What am I missing? Or what could be the issue?

       

       


                People

                Assignee:
                releng Triage Team
                Reporter:
                Quinten Quinten
                Watchers:
                Andrew Walker, Quinten