Hello,

I have ldap set up and going, but I can't seem to get ldaps working. I get the error message below when running

    openssl s_client -showcerts -CAfile /etc/pki/tls/certs/ca-bundle.crt -connect your.ldap.server.here:636

I would like to fix this issue so I can rule out any other issues I am having. I also tried running

    vifs --listdc --server <my vcenter server>

and it fails with the message displayed at the following URL: http://probably.co.uk/vmware-perl-sdk-error-server-version-unavailable.html . If I set export PERL_LWP_SSL_VERIFY_HOSTNAME=0 then the vifs --listdc command works. Could someone assist with how the certificate needs to be installed? I have a certificate from the sysadmin, but I keep getting the error below. I'm not too sure on the steps outlined in "configuring the web front end for ldap authentication":

    If your LDAP server's SSL certificate is self-signed, your VCL web server needs to have the root CA certificate that was used to sign the LDAP server certificate installed. The PEM formatted certificate needs to be added to the ca-bundle.crt file. On CentOS, the file is located at /etc/pki/tls/certs/ca-bundle.crt. The hostname in the certificate must match the hostname entered in the conf.php file further down. If your certificate does not have the correct hostname in it, you can put an entry in /etc/hosts for the hostname in the certificate.

Can someone please clarify how this needs to get configured?
Thank you.

Error message when running the openssl command above:

    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : AES128-SHA
        Session-ID: 683800009905729E42D39C584A91E4B72F4468392FB72A71FAA5AA630DF88439
        Session-ID-ctx:
        Master-Key: E24AE8C7F770D863C92D9EEF81F11A76AABB54FBAF27F19328790913C3D08291909824D7FCA0372CE2DE4CA971BFB3C4
        Key-Arg   : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        Start Time: 1384349719
        Timeout   : 300 (sec)
        Verify return code: 21 (unable to verify the first certificate)

David DeMizio
*Academic Systems Coordinator*
Office of Information Technology
New College of Florida
Phone: 941-487-4222 | Fax: 941-487-4356
www.ncf.edu

On Thu, Nov 7, 2013 at 4:53 PM, David DeMizio <[email protected]> wrote:

> Hello,
>
> I'm having a difficult time configuring ldap authentication for the web
> login. I used the test script found on this mailing list and it seems to
> work with the following parameters.
>
> $server = 'serverA.internal.ncf.edu'; # ldap server hostname
> $masteracct = 'CN=VCL User,OU=Admin,DC=internal,DC=ncf,DC=edu'; # full DN of account with which to log in to ldap server
> $masterpass = 'mypassword'; # password for account
>
> $res = ldap_bind($ds, $masteracct, $masterpass);
>
> The above works fine in the test script, which is also where it's failing
> in vcl/.ht-inc/authentication.php line 413. By the way, I modified
> ldapauth and authentication.php to use ldap:// instead of ldaps:// for
> the time being because ldaps is not working at all. I get invalid
> credentials. Line 413 of authentication.php is
>
> $res = ldap_bind($ds, $ldapuser, $passwd);
>
> My conf.php looks like this, which might be the issue; I may need to
> put it in a different format.
>
> "server" => "serverA.internal.ncf.edu",
> "binddn" => "dc=internal,dc=ncf,dc=edu",
> "userid" => "uid=%s,dc=internal,dc=ncf,dc=edu", [email protected]'
> "unityid" => "samAccountName", # ldap field that contains the user's login id
> "firstname" => "givenname", # ldap field that contains the user's first name
> "lastname" => "sn", # ldap field that contains the user's last name
> "email" => "mail", # ldap field that contains the user's email address
> "defaultemail" => "@example.com", # if for some reason an email address may not be returned for a user, this is what
>                                   # can be added to the user's login id to send mail
> "masterlogin" => "vcluser", # privileged login id for ldap server
> "masterpwd" => "mypassword", # privileged login password for ldap server
>
> Thanks
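The following script is an added example; it is not from the original message or from the VCL project. It reproduces the "Verify return code: 21 (unable to verify the first certificate)" situation offline with a throwaway CA and server certificate (constructed test data, trusted by nothing real), then applies the step the VCL docs describe (append the root CA as PEM to a copy of ca-bundle.crt) and runs the same chain and hostname checks that `openssl s_client` performs. The host name serverA.internal.ncf.edu is taken from the thread; the function and file names are this example's own, and it assumes only the openssl command-line tool (1.1.1 or later).

```shell
#!/bin/sh
# Added example, not from the original post or the VCL project: reproduce the
# "unable to verify the first certificate" failure offline with a throwaway CA,
# then apply the fix the VCL docs describe (append the root CA PEM to the
# bundle) and check the hostname the way s_client does. Needs the openssl CLI
# (1.1.1 or later). The CA, keys and bundle below are constructed test data.
set -eu

# make_test_pki DIR HOST: throwaway root CA plus a server cert it signs for HOST.
# Stand-in for the sysadmin-issued certificate; trusted by nothing real.
make_test_pki() {
    dir=$1; host=$2
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.ext"
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$host" > "$dir/server.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Test Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$dir/ca.csr" -signkey "$dir/ca.key" \
        -extfile "$dir/ca.ext" -out "$dir/ca.crt" >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -extfile "$dir/server.ext" -out "$dir/server.crt" >/dev/null 2>&1
}

# add_ca_to_bundle CERT BUNDLE: append CERT to BUNDLE as PEM. Accepts PEM or DER
# input (a .cer exported from Windows is often DER) and always writes PEM, which
# is what ca-bundle.crt expects. Point it at a copy while testing; the live file
# on CentOS is /etc/pki/tls/certs/ca-bundle.crt.
add_ca_to_bundle() {
    for fmt in PEM DER; do
        if pem=$(openssl x509 -inform "$fmt" -in "$1" -outform PEM 2>/dev/null); then
            printf '%s\n' "$pem" >> "$2"
            return 0
        fi
    done
    echo "not a certificate: $1" >&2
    return 1
}

# chain_ok BUNDLE CERT: 0 when CERT chains to a root in BUNDLE, i.e. what
# s_client needs to report "Verify return code: 0 (ok)" instead of 21.
chain_ok() {
    openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
}

# host_ok BUNDLE CERT HOST: chain check plus the hostname match the VCL docs
# require (the SAN/CN must equal the name configured in conf.php).
host_ok() {
    openssl verify -purpose sslserver -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# ldaps_verify_line HOST PORT BUNDLE: the live check from the thread; prints the
# "Verify return code" line. Needs network, so demo() does not call it.
ldaps_verify_line() {
    openssl s_client -connect "$1:$2" -servername "$1" -CAfile "$3" </dev/null 2>/dev/null \
        | grep 'Verify return code'
}

# demo: before/after run; returns 0 when every expectation holds.
demo() {
    work=$(mktemp -d)
    host=serverA.internal.ncf.edu            # LDAP host from the thread
    rc=0
    make_test_pki "$work" "$host"
    # Bundle that trusts only an unrelated CA: stand-in for the stock ca-bundle.crt.
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
        -keyout "$work/other.key" -out "$work/bundle.crt" >/dev/null 2>&1
    chain_ok "$work/bundle.crt" "$work/server.crt" && { echo "FAIL: verified before CA was added"; rc=1; }
    add_ca_to_bundle "$work/ca.crt" "$work/bundle.crt"
    chain_ok "$work/bundle.crt" "$work/server.crt" || { echo "FAIL: chain still not trusted"; rc=1; }
    host_ok "$work/bundle.crt" "$work/server.crt" "$host" || { echo "FAIL: hostname $host rejected"; rc=1; }
    host_ok "$work/bundle.crt" "$work/server.crt" ldap.example.com && { echo "FAIL: wrong hostname accepted"; rc=1; }
    rm -rf "$work"
    return $rc
}

demo && echo "all checks passed"
```

Once the real root CA has been appended to the live bundle, rerun the s_client command from the post; the last line should change from return code 21 to "Verify return code: 0 (ok)". The name given to -connect (and in conf.php) must match the certificate's SAN or CN, which is what host_ok checks and what the /etc/hosts advice in the docs works around. PERL_LWP_SSL_VERIFY_HOSTNAME=0 only switches that hostname check off for the Perl SDK rather than establishing trust; LWP reads its CA file from PERL_LWP_SSL_CA_FILE, so pointing that at the same bundle is the equivalent fix on that side.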
