to privacyidea
Hi, I am trying to get PrivacyIDEA to connect to my OpenLDAP Server with a self-signed TLS cert.
ldap://ldap.mydomain = Your LDAP config seems to be OK, 0 user objects found.
ldaps://ldap.mydomain = LDAPServerPoolExhaustedError('no active server available in server pool',)
I can use a Windows tool "LDAP Admin" to connect to the LDAP Server with and without TLS.
I have had a look in the logs but have been unable to spot anything awry. I am guessing it might be an issue with my certificate being self-signed, but I don't want to purchase a cert just now, so if that is the problem I would like to get PrivacyIDEA to accept my cert for the time being.
Can anyone help?
Thanks Keith
Keef
Nov 25, 2015, 8:12:37 AM
to privacyidea
Ah, I've figured it out. I thought it was possible to do a ldaps:// connection to port 389. It might just be the way I have configured my OpenLDAP server but I thought you could connect on port 389 and the connection would get upgraded to TLS... Anyway, I realised that the OpenLDAP service was listening on both ports 389 and 636 but the firewall on my OpenLDAP server was blocking port 636, so that is the reason I couldn't connect with ldaps://. Opening port 636 has resolved this problem for me.
Cheers Keith
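Added example, not part of the original posts and not privacyIDEA's own code: a small probe that separates the failure modes discussed in this thread (port unreachable, StartTLS not offered on the plain port, TLS handshake failure, untrusted self-signed certificate) for both ldaps:// and StartTLS. The function name `probe_ldap_tls` and its result labels are hypothetical; the StartTLS request is the standard LDAPv3 extended request for OID 1.3.6.1.4.1.1466.20037.

```python
import socket
import ssl

# LDAPv3 StartTLS extended request, messageID 1, BER-encoded.
STARTTLS_REQUEST = (b"\x30\x1d\x02\x01\x01\x77\x18\x80\x16"
                    b"1.3.6.1.4.1.1466.20037")
SUCCESS = b"\x0a\x01\x00"  # resultCode ENUMERATED 0 (success)


def probe_ldap_tls(host, port, starttls=False, cafile=None, timeout=3.0):
    """Classify why a TLS-protected LDAP connection does or does not work.

    starttls=False: implicit TLS, as with ldaps:// (conventionally port 636).
    starttls=True:  plain LDAP first, then upgrade via StartTLS (port 389).
    cafile: PEM file with the CA or self-signed certificate to trust.
    Returns 'tcp-unreachable', 'starttls-refused', 'tls-failed',
    'cert-untrusted' or 'ok' (hypothetical labels for this example).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused or timed out: closed port or firewall drop, not a cert issue.
        return "tcp-unreachable"
    try:
        if starttls:
            try:
                sock.sendall(STARTTLS_REQUEST)
                reply = sock.recv(4096)
            except OSError:
                reply = b""
            # Simplified check: an ExtendedResponse (tag 0x78) with success.
            if not (reply[:1] == b"\x30" and b"\x78" in reply[:8]
                    and SUCCESS in reply):
                return "starttls-refused"
        # Default context verifies the chain and the hostname.
        ctx = ssl.create_default_context(cafile=cafile)
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except ssl.SSLCertVerificationError:
        return "cert-untrusted"  # e.g. self-signed cert not given via cafile
    except (ssl.SSLError, OSError):
        return "tls-failed"
    finally:
        sock.close()
```

A result of `tcp-unreachable` on port 636 while port 389 answers points at a firewall or listener problem rather than at the certificate.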
Cornelius Kölbel
Nov 25, 2015, 8:14:52 AM
to priva...@googlegroups.com
Hi Keith,
great. Glad this turned out ok.
If you have any other problems or issues, please do not hesitate to drop
them here.