Instability with multiple LDAPS authentication servers
-
Hello,
We are using twin Netgate XG-7100s running 2.4.5-RELEASE-p1 (amd64) in an enterprise setting, providing OpenVPN access with LDAPS authentication as the auth server.
The setup works fine as long as only one LDAPS authentication source is used. However, in multi-authentication-server setups where multiple LDAPS servers are specified, only one connection can establish TLS and the other servers are unable to connect. All servers work fine individually, of course.
Restarting PHP-FPM and the web interface solves the problem for a short while, until requests to multiple LDAPS servers keep one alive and make the others unable to connect again.
After a couple of hours, different LDAPS connections randomly start and stop working.
It appears pfSense can only hold one TLS connection to LDAPS endpoints.
-
The method of handling LDAP servers changed in recent versions; you should update to a current version and try again. The version you are on is out of date.
-
Updating to the latest version solved the issue. Now I can have multiple LDAPS sources checked with each attempt, and I can also use very long usernames. Two birds with one stone.
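The thread above hinges on whether each configured LDAPS server can be reached over its own TLS session, independently of the others. The script below is an added example for checking that from outside pfSense; it is not code from the thread or from the pfSense project. It opens a fresh TLS connection per server, performs an LDAP v3 simple bind with a hand-encoded BER message (RFC 4511 wire format, standard library only), and reports each server's result separately so that one failing server cannot mask another. The hostnames, ports and credentials are placeholders to be replaced with your own.

```python
"""Probe several LDAPS servers, each over its own fresh TLS connection.

Added example, not part of the original forum thread or of pfSense.
Hostnames, ports and credentials below are placeholder assumptions.
"""
import socket
import ssl


def ber_len(n: int) -> bytes:
    """Encode a BER length: short form up to 127, long form above that."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple pw } }.

    msg_id is assumed to be below 128 so it fits a one-byte INTEGER.
    """
    bind = tlv(0x60,                               # [APPLICATION 0] BindRequest
               tlv(0x02, b"\x03") +               # version INTEGER 3
               tlv(0x04, bind_dn.encode()) +      # name LDAPDN
               tlv(0x80, password.encode()))      # authentication simple [0]
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                              # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(buf: bytes) -> int:
    """Extract the resultCode from an LDAPMessage carrying a BindResponse."""
    tag, msg, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(msg, 0)                   # skip messageID
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x61:                             # [APPLICATION 1] BindResponse
        raise ValueError(f"unexpected protocolOp tag 0x{op_tag:02x}")
    code_tag, code, _ = read_tlv(op, 0)            # resultCode ENUMERATED
    if code_tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")             # 0 = success, 49 = invalidCredentials


def ldaps_bind(host, port=636, bind_dn="", password="", cafile=None, timeout=5.0) -> int:
    """Open a fresh TLS session to one server, bind once, return the LDAP resultCode.

    Certificate and hostname verification stay on (create_default_context);
    pass cafile for a private CA rather than disabling verification.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(bind_request(1, bind_dn, password))
            data = tls.recv(4096)                  # a BindResponse is a few dozen bytes
    return parse_bind_response(data)


def check_servers(servers, bind_dn="", password="", cafile=None):
    """Try every server independently; one failure never masks another."""
    results = {}
    for host, port in servers:
        try:
            results[(host, port)] = ldaps_bind(host, port, bind_dn, password, cafile)
        except (OSError, ssl.SSLError, ValueError) as exc:
            results[(host, port)] = f"error: {exc}"
    return results


if __name__ == "__main__":
    # Placeholder hostnames: substitute the LDAPS servers configured in pfSense.
    servers = [("ldap1.example.internal", 636), ("ldap2.example.internal", 636)]
    for server, outcome in check_servers(servers).items():
        print(server, "->", outcome)
```

Run it from a host that can reach the same directory servers the firewall uses; a resultCode of 0 means the bind succeeded, 49 means the server answered over TLS but rejected the credentials, and an `error:` entry means the TLS handshake or TCP connection itself failed for that server.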