LDAPs AD bind
-
Happy to help, and glad you figured it out!
-
@awebster said in LDAPs AD bind:
Happy to help, and glad you figured it out!
This user deserves your upvote.
Steve
-
I have similar issues, and in the end, I'm not sure what the resolution was... I tested this:
export LDAPTLS_REQCERT=allow; ldapsearch -v -H "ldaps://IPADDRESS:636" -b "dc=XX,dc=YY,dc=com" -s sub -D "user@domain.com" -w "pwd" (with the proper values inserted of course)
from the Pf web CLI and I got a lot of output which seemed to indicate that the firewall was able to connect to my DC. I think part of my issue is that the CA cert from the DC does not have an IP in the SAN section, and/or that the Pf can't seem to associate the CA cert CN to an IP, which would make me think the issue is DNS resolution.
Any suggestions on the next move?
-
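The SAN point raised in the post above, as an added example (not code from any poster or from pfSense): a TLS client checks the presented certificate's subjectAltName against exactly what you typed into the server field, so a SAN that lists only "dc1.local" never matches an IP address, and `LDAPTLS_REQCERT=allow` only hides that failure. The certificate dict and the hostnames below are constructed and shaped like the output of Python's `ssl.getpeercert()`; `diagnose()` and its return strings are my own naming.

```python
import ipaddress

# Constructed sample in the shape ssl.getpeercert() returns: a DC certificate
# whose SAN carries DNS names only, with no "IP Address" entry.
DC_CERT = {
    "subject": ((("commonName", "dc1.local"),),),
    "subjectAltName": (("DNS", "dc1.local"), ("DNS", "*.sub.local")),
}

def _as_ip(target):
    """Return an ip_address object if `target` is an IP literal, else None."""
    try:
        return ipaddress.ip_address(target)
    except ValueError:
        return None

def _dns_match(pattern, hostname):
    """RFC 6125 style: a lone '*' may stand in for the whole left-most label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h) or h[0] == "":
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

def san_matches(cert, target):
    """True if the SAN covers `target`. An IP literal only matches an
    'IP Address' entry; the subject CN is ignored, as modern clients do."""
    ip = _as_ip(target)
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None and kind == "IP Address" and _as_ip(value) == ip:
            return True
        if ip is None and kind == "DNS" and _dns_match(value, target):
            return True
    return False

def diagnose(cert, target, resolves=True):
    """Classify why an LDAPS bind to `target` fails verification.
    `resolves` says whether the firewall's DNS can resolve a hostname target."""
    if san_matches(cert, target):
        # Name is fine; a hostname that does not resolve needs a host override.
        return "ok" if resolves or _as_ip(target) else "add-host-override"
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if _as_ip(target) and dns_names:
        return "connect-by-hostname:" + dns_names[0]
    return "san-mismatch"
```

For the "no IP in the SAN" case, `diagnose()` points at the SAN name to use in the server field instead of the IP; for a matching name that does not resolve, it points at the DNS Resolver host override mentioned later in the thread.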
In pfSense, are you defining your server by hostname or IP? If by hostname, you might need to add a host override. I did this under the DNS resolver settings.
I performed the PHP-FPM restart from the console, not from within the web GUI.
-
@rb_it_pf Thank you so much! I have been wasting away hours/days trying to figure out why LDAPS would not work. Literally running option 16 in the console resolved the issue. Someone should really put this in the documentation. I can't believe that's all I needed to do. You are a life saver!
-
Hi guys!
It's been a long time since the last response to this.
After updating to 2.7.2, I can't get LDAPS to work again (updated from 2.7.0). By running these commands:
setenv LDAPTLS_REQCERT allow
ldapsearch -v -H "ldaps://dc1.local:636" -b "dc=local" -s sub -D "username@local" -w "password"
it seems to work because it shows so much information about my directory.
But it does not work when trying to authenticate on the GUI. I have restarted PHP-FPM so many times with no success. Please advise.
Thank you!