LDAPS Connection

1 month 1 week ago #159395 by Smidder
Smidder created the topic: LDAPS Connection
Hello,

we've got a problem with the LDAP SSL connection to LimeSurvey. The LDAP Auth is working.
If we change from LDAP:// to ldaps:// and the port from 389 to 636 the login does not work anymore.
If we login to LimeSurvey there is only the error message 'Can't contact LDAP Server.'

Does somebody know this problem?

Best regards
Smidder

1 month 1 week ago #159431 by DenisChenu
DenisChenu replied the topic: LDAPS Connection
Surely some bad SSL connection on your side. Is it a valid SSL key or a personal use key?

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happened? Before making a new topic: remember the Debug mode.

1 month 1 week ago #159435 by Smidder
Smidder replied the topic: LDAPS Connection
It is a valid SSL key. Are you able to tell me where I have to store the CA certificate?

1 month 1 week ago #159436 by DenisChenu
DenisChenu replied the topic: LDAPS Connection
Maybe some issue about TLS/SSL.
Best is to look at your server error log, I think.

Currently, on another tool, I have an issue with CYPHER and php5.6.

Else:
php -r "print_r(openssl_get_cert_locations());"

1 month 3 days ago - 1 month 3 days ago #159653 by bdeprez
bdeprez replied the topic: LDAPS Connection
Hi,
I had the same issues - let me explain how I solved it (note: I'm on RHEL7 but must be something similar for your OS):

1° /etc/openldap/ldap.conf

This conf file needs the path to my CA Certificate - mine has something like this:

TLS_CACERT /etc/pki-root/ca.pem

2° /etc/pki-root/ca.pem

This file then contains my root CA with the 'BEGIN CERTIFICATE' and 'END CERTIFICATE' delimiters.

This is working for me. Note: I don't use Start-TLS (that is Off in my LDAP plugin configuration)

Hope this helps!
B
Last Edit: 1 month 3 days ago by bdeprez. Reason: clarified I'm not using Start-TLS
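
The two steps in bdeprez's post can be checked mechanically before retrying the LimeSurvey login. The script below is an added example, not part of the thread or of LimeSurvey: the function names and status words are made up for illustration, the sample files are constructed, and `TLS_REQCERT` is an ldap.conf option the thread does not mention (it is flagged here because `never` or `allow` would make the login work without the server certificate being enforced).

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client config for the CA setup described
# in the post above. Function names and status words are illustrative.

# ldap_opt CONF NAME -> value of the last uncommented NAME line.
# Option names in ldap.conf are case-insensitive; taking the last occurrence
# when a directive is repeated is an assumption of this sketch.
ldap_opt() {
    awk -v name="$2" 'toupper($1) == name { v = $2 } END { print v }' "$1"
}

# check_ldap_ca CONF -> prints one status word, returns 0 only for "ok".
check_ldap_ca() {
    conf=$1
    [ -r "$conf" ] || { echo "conf-unreadable"; return 1; }

    # A working login with verification switched off is not a fix.
    reqcert=$(ldap_opt "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    case $reqcert in
        never|allow) echo "verification-disabled"; return 1 ;;
    esac

    # Step 1 of the post: the config must name the CA file.
    ca=$(ldap_opt "$conf" TLS_CACERT)
    [ -n "$ca" ] || { echo "no-tls-cacert"; return 1; }

    # Step 2 of the post: the file must be readable by the calling user
    # and carry the PEM delimiters.
    [ -r "$ca" ] || { echo "ca-unreadable"; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" &&
    grep -q -- '-----END CERTIFICATE-----' "$ca" ||
        { echo "ca-not-pem"; return 1; }
    echo "ok"
}

# make_sample DIR: write a constructed ldap.conf and CA placeholder into DIR.
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' \
        '(constructed placeholder, not a real certificate)' \
        '-----END CERTIFICATE-----' > "$1/ca.pem"
    printf '# constructed sample\nTLS_CACERT %s/ca.pem\n' "$1" > "$1/ldap.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_ldap_ca "$tmp/ldap.conf"
rm -rf "$tmp"
```

Run it as the account the web server's PHP runs under, since that is the account that has to be able to read both files.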
