LDAPS Connection

1 year 1 month ago #159395 by Smidder
Smidder created the topic: LDAPS Connection
Hello,

We've got a problem with the LDAP SSL connection to LimeSurvey. The LDAP Auth is working.
If we change from ldap:// to ldaps:// and the port from 389 to 636, the login does not work anymore.
If we log in to LimeSurvey, there is only the error message 'Can't contact LDAP Server.'

Does somebody know this problem?

Best regards
Smidder

1 year 1 month ago #159431 by DenisChenu
DenisChenu replied the topic: LDAPS Connection
Surely some bad SSL connection on your side. Is it a valid SSL key or a personal use key?

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happen ? Before make a new topic : remind the Debug mode .

1 year 1 month ago #159435 by Smidder
Smidder replied the topic: LDAPS Connection
It is a valid SSL key. Are you able to tell me where I have to store the CA certificate?

1 year 1 month ago #159436 by DenisChenu
DenisChenu replied the topic: LDAPS Connection
Maybe some issue about TLS/SSL.
Best is to look at your server error log, I think.

Currently, on another tool, I have an issue with CYPHER and php5.6.

Else:
php -r "print_r(openssl_get_cert_locations());"

1 year 1 month ago - 1 year 1 month ago #159653 by bdeprez
bdeprez replied the topic: LDAPS Connection
Hi,
I had the same issues - let me explain how I solved it (note: I'm on RHEL7, but it must be something similar for your OS):

1° /etc/openldap/ldap.conf

This conf file needs the path to my CA certificate - mine has something like this:

TLS_CACERT /etc/pki-root/ca.pem

2° /etc/pki-root/ca.pem

This file then contains my root CA with the 'BEGIN CERTIFICATE' and 'END CERTIFICATE' delimiters.

This is working for me. Note: I don't use Start-TLS (that is Off in my LDAP plugin configuration)

Hope this helps!
B
Last Edit: 1 year 1 month ago by bdeprez. Reason: clarified I'm not using Start-TLS
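
The two steps from bdeprez's reply can be checked from a shell; the script below is an added example, not code from the thread or from LimeSurvey. It reads TLS_CACERT from an OpenLDAP client config, confirms the CA file is readable and holds a complete PEM certificate block, and can then verify the LDAPS server's chain against that CA; the function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: function names and return codes are hypothetical.

# Print the TLS_CACERT path from an ldap.conf-style file. Keywords are
# case-insensitive; commented lines are skipped. If the directive occurs
# more than once, this sketch uses the last one (assumption).
ldap_conf_cacert() {
    awk 'toupper($1) == "TLS_CACERT" { path = $2 }
         END { if (path != "") print path }' "$1"
}

# Count complete BEGIN/END CERTIFICATE blocks in a PEM file.
pem_cert_count() {
    awk '/^-----BEGIN CERTIFICATE-----/ { inblk = 1; next }
         /^-----END CERTIFICATE-----/   { if (inblk) n++; inblk = 0 }
         END { print n + 0 }' "$1"
}

# Returns 0 and prints the CA path when both steps check out.
# 1 = config unreadable or no TLS_CACERT, 2 = CA file unreadable,
# 3 = CA file has no complete PEM certificate block.
check_ldap_cacert() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    ca=$(ldap_conf_cacert "$conf")
    [ -n "$ca" ] || { echo "no TLS_CACERT in $conf" >&2; return 1; }
    [ -r "$ca" ] || { echo "$ca not readable by $(id -un)" >&2; return 2; }
    [ "$(pem_cert_count "$ca")" -ge 1 ] || {
        echo "$ca has no complete PEM certificate block" >&2; return 3; }
    echo "$ca"
}

# Optional live check: verify the server's chain against that CA.
# usage: verify_ldaps CONF HOST   (port 636, as in the thread)
verify_ldaps() {
    ca=$(check_ldap_cacert "$1") || return
    openssl s_client -connect "$2:636" -CAfile "$ca" \
        -verify_return_error </dev/null
}
```

Run it as the account PHP runs under, since that account has to be able to read both files, for example `verify_ldaps /etc/openldap/ldap.conf ldap.example.org` (hostname constructed).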
