Project

General

Profile

Actions

Bug #19416

closed

Unable to verify LDAPS certificate

Added by Sindre Grindvoll over 7 years ago. Updated over 7 years ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

When trying to connect to a Windows Active Directory with LDAP over SSL (LDAPS), the connection fails due to not being able to verify the certificate. The root certificate have been added as a trusted CA on the Foreman server.

Guides and tips from the following issues and documentation have been tried:
- #10139 - http://projects.theforeman.org/issues/2435
- #9858 - http://projects.theforeman.org/issues/9858
- https://theforeman.org/manuals/1.14/index.html#4.1.1LDAPAuthentication

Nothing changes the outcome when trying to connect to the AD server using LDAPS, however no problem with LDAP.
Communication with LDAPS is working when disabling the certificate verification in the Foreman configuration:

/usr/share/foreman/app/models/auth_sources/auth_source_ldap.rb

Changing VERIFY_PEER to VERIFY_NONE allows communication with LDAPS.
93 { :method => :simple_tls, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER / NONE } }

System information:
- Ubuntu 16.04 Xenial
- Puppet version 4.9.2
- Foreman version 1.12.4
- Foreman installation guide used: https://marcusit.com/setting-up-puppet-and-foreman-on-ubuntu-16-04-part-i/


Files

auth_source_ldap.rb.patch auth_source_ldap.rb.patch 983 Bytes Karli Sjöberg, 05/17/2017 04:35 PM
Actions

Also available in: Atom PDF