Unable to get ldaps to work


Keef

Nov 25, 2015, 7:58:26 AM
to privacyidea
Hi, I am trying to get PrivacyIDEA to connect to my OpenLDAP Server with a self-signed TLS cert.

ldap://ldap.mydomain = Your LDAP config seems to be OK, 0 user objects found.
ldaps://ldap.mydomain = LDAPServerPoolExhaustedError('no active server available in server pool',)

I can use a Windows tool "LDAP Admin" to connect to the LDAP Server with and without TLS.

I have had a look in the logs but have been unable to spot anything awry. I am guessing it might be an issue with my certificate being self-signed, but I don't want to purchase a cert just now, so if that is the problem I would like to get PrivacyIDEA to accept my cert for the time being.

Can anyone help?

Thanks
Keith

Keef

Nov 25, 2015, 8:12:37 AM
to privacyidea
Ah, I've figured it out. I thought it was possible to do a ldaps:// connection to port 389. It might just be the way I have configured my OpenLDAP server, but I thought you could connect on port 389 and the connection would get upgraded to TLS... Anyway, I realised that the OpenLDAP service was listening on both ports 389 and 636 but the firewall on my OpenLDAP server was blocking port 636, so that is the reason I couldn't connect with ldaps://. Opening port 636 has resolved this problem for me.

Cheers
Keith
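
A pre-flight check for the situation described above, as an added example that is not part of the original posts and is not PrivacyIDEA code: it flags an ldaps:// URI pointed at port 389 and tells a silently filtered port (firewall drop) apart from a closed one before the resolver reports a generic pool error. The function names and the 3-second timeout are assumptions; the host name is the placeholder used in the thread.

```python
import socket
import sys
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def classify_uri(uri):
    """Return (host, port, warning) for an ldap:// or ldaps:// URI."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not a usable LDAP URI: {uri!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    warning = None
    if scheme == "ldaps" and port == 389:
        # ldaps:// starts TLS immediately; 389 is the plaintext/StartTLS port.
        warning = "ldaps:// on 389: TLS upgrade on this port needs ldap:// plus StartTLS"
    elif scheme == "ldap" and port == 636:
        warning = "ldap:// on 636: this port normally expects TLS from the first byte"
    return parts.hostname, port, warning

def probe_tcp(host, port, timeout=3.0):
    """Classify reachability as 'open', 'refused', 'filtered' or 'error: ...'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # host answered, nothing listening on that port
    except socket.timeout:
        return "filtered"   # no answer at all, typical of a firewall drop
    except OSError as exc:
        return f"error: {exc}"  # DNS failure, unreachable network, ...

def diagnose(uri, timeout=3.0):
    """One-line summary: resolved endpoint, TCP state, scheme/port warning."""
    host, port, warning = classify_uri(uri)
    line = f"{uri} -> {host}:{port} {probe_tcp(host, port, timeout)}"
    return f"{line} ({warning})" if warning else line

if __name__ == "__main__":
    # Constructed sample URIs using the placeholder host name from the thread.
    for uri in sys.argv[1:] or ["ldap://ldap.mydomain", "ldaps://ldap.mydomain"]:
        print(diagnose(uri))
```

Run it from the PrivacyIDEA host itself, since the firewall rule that matters is the one between that host and the LDAP server.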

Cornelius Kölbel

Nov 25, 2015, 8:14:52 AM
to priva...@googlegroups.com
Hi Keith,

great. Glad this turned out ok.

If you have any other problems or issues, please do not hesitate to drop
them here.

Kind regards
Cornelius
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
